Statutes, codes, and regulations
Iowa Administrative Code
Agency 191 - INSURANCE DIVISIONINSURANCE COVERAGE FOR PEDIATRIC PREVENTIVE SERVICES
Chapter 90 - FINANCIAL AND HEALTH INFORMATION REGULATION
Rule 191-90.10 - Limits on redisclosure and reuse of nonpublic personal financial information

Iowa Admin. Code r. 191-90.10

Download
PDF
Current through Register Vol. 47, No. 13, December 25, 2024
Rule 191-90.10 - Limits on redisclosure and reuse of nonpublic personal financial information
(1) In the event a licensee receives nonpublic personal financial information from a nonaffiliated financial institution under an exception to rules 191-90.13 (505) and 191-90.14 (505), the licensee's disclosure and use of that information is limited as follows:
a. The licensee may disclose the information to the affiliates of the financial institution from which the licensee received the information;
b. The licensee may disclose the information to its affiliates, but the licensee's affiliates may, in turn, disclose and use the information only to the extent that the licensee may disclose and use the information; and
c. The licensee may disclose and use the information pursuant to an exception in rule 191-90.13 (505) or 191-90.14 (505) in the ordinary course of business to carry out the activity covered by the exception under which the licensee received the information.

If a licensee receives information from a nonaffiliated financial institution for claims settlement purposes, the licensee may disclose the information for fraud prevention or in response to a properly authorized subpoena. The licensee may not disclose that information to a third party for marketing purposes or use that information for its own marketing purposes.

(2) In the event a licensee received nonpublic personal financial information from a nonaffiliated financial institution other than under an exception in rules 191-90.13 (505) and 191-90.14 (505), the licensee may disclose the information only as follows:
a. To the affiliates of the financial institution from which the licensee received the information;
b. To its affiliates, but its affiliates may, in turn, disclose the information only to the extent that the licensee may disclose the information; and
c. To any other person, if the disclosure would be lawful if made directly to that person by the financial institution from which the licensee received the information.

In the event a licensee obtains a customer list from a nonaffiliated financial institution outside of the exceptions in rule 191-90.13 (505) or 191-90.14 (505), the licensee may use that list for its own purposes and the licensee may disclose that list to another nonaffiliated third party only if the financial institution from which the licensee purchased the list could have lawfully disclosed the list to that third party.

The licensee may disclose the list in accordance with the privacy policy of the financial institution from which the licensee received the list as limited by the opt-out direction of each consumer whose nonpublic personal financial information the licensee intends to disclose, and the licensee may disclose the list in accordance with an exception in rule 191-90.13 (505) or 191-90.14 (505), such as to the licensee's attorneys or accountants.

(3) In the event a licensee discloses nonpublic personal financial information to a nonaffiliated third party under an exception in rules 191-90.13 (505) and 191-90.14 (505), the third party may disclose and use that information only as follows:
a. The third party may disclose the information to the licensee's affiliates;
b. The third party may disclose the information to its affiliates, but its affiliates may, in turn, disclose and use the information only to the extent that the third party may disclose and use the information; and
c. The third party may disclose and use the information pursuant to an exception in rules 191-90.13 (505) and 191-90.14 (505) in the ordinary course of business to carry out the activity covered by the exception under which it received the information.
(4) In the event a licensee discloses nonpublic personal financial information to a nonaffiliated third party other than under an exception in rules 191-90.13 (505) and 191-90.14 (505), the third party may disclose the information only to the following:
a. The licensee's affiliates;
b. The third party's affiliates, but the third party's affiliates, in turn, may disclose the information only to the extent the third party can disclose the information; and
c. Any other person, if the disclosure would be lawful if the licensee made it directly to that person.

Iowa Admin. Code r. 191-90.10

Adopted by IAB March 20, 2024/Volume XLVI, Number 19, effective 4/24/2024