Current through the 2024 Legislative Session.
Section 4056 - [Effective 1/1/2025] Inapplicability to information not personally identifiable; circumstances allowing release of information

(a) This division shall not apply to information that is not personally identifiable to a particular person.

(b) Notwithstanding Sections 4052.5, 4053, 4054, and 4054.6, a financial institution may release nonpublic personal information under the following circumstances:

(1) The nonpublic personal information is necessary to effect, administer, or enforce a transaction requested or authorized by the consumer, or in connection with servicing or processing a financial product or service requested or authorized by the consumer, or in connection with maintaining or servicing the consumer's account with the financial institution, or with another entity as part of a private label credit card program or other extension of credit on behalf of that entity, or in connection with a proposed or actual securitization or secondary market sale, including sales of servicing rights, or similar transactions related to a transaction of the consumer.

(2) The nonpublic personal information is released with the consent of or at the direction of the consumer.

(3) The nonpublic personal information is:

(A) Released to protect the confidentiality or security of the financial institution's records pertaining to the consumer, the service or product, or the transaction therein.

(B) Released to protect against or prevent actual or potential fraud, identity theft, unauthorized transactions, claims, or other liability.

(C) Released for required institutional risk control, or for resolving customer disputes or inquiries.

(D) Released to persons holding a legal or beneficial interest relating to the consumer, including for purposes of debt collection.

(E) Released to persons acting in a fiduciary or representative capacity on behalf of the consumer.

(4) The nonpublic personal information is released to provide information to insurance rate advisory organizations, guaranty funds or agencies, applicable rating agencies of the financial institution, persons assessing the institution's compliance with industry standards, and the institution's attorneys, accountants, and auditors.

(5) The nonpublic personal information is released to the extent specifically required or specifically permitted under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 U.S.C. Sec. 3401 et seq.), to law enforcement agencies, including a federal functional regulator, the Secretary of the Treasury with respect to subchapter II of Chapter 53 of Title 31, and Chapter 2 of Title I of Public Law 91-508 (12 U.S.C. Secs. 1951-1959), the California Department of Insurance or other state insurance regulators, the State Bar of California, or the Federal Trade Commission, and self-regulatory organizations, or for an investigation on a matter related to public safety.

(6) The nonpublic personal information is released in connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal information concerns solely consumers of the business or unit.

(7) The nonpublic personal information is released to comply with federal, state, or local laws, rules, and other applicable legal requirements; to comply with a properly authorized civil, criminal, administrative, or regulatory investigation or subpoena or summons by federal, state, or local authorities; or to respond to judicial process or government regulatory authorities having jurisdiction over the financial institution for examination, compliance, or other purposes as authorized by law.

(8) When a financial institution is reporting a known or suspected instance of elder or dependent adult financial abuse or is cooperating with a local adult protective services agency investigation of known or suspected elder or dependent adult financial abuse pursuant to Article 3 (commencing with Section 15630) of Chapter 11 of Part 3 of Division 9 of the Welfare and Institutions Code.

(9) The nonpublic personal information is released to an affiliate or a nonaffiliated third party in order for the affiliate or nonaffiliated third party to perform business or professional services, such as printing, mailing services, data processing or analysis, or customer surveys, on behalf of the financial institution, provided that all of the following requirements are met:

(A) The services to be performed by the affiliate or nonaffiliated third party could lawfully be performed by the financial institution.

(B) There is a written contract between the affiliate or nonaffiliated third party and the financial institution that prohibits the affiliate or nonaffiliated third party, as the case may be, from disclosing or using the nonpublic personal information other than to carry out the purpose for which the financial institution disclosed the information, as set forth in the written contract.

(C) The nonpublic personal information provided to the affiliate or nonaffiliated third party is limited to that which is necessary for the affiliate or nonaffiliated third party to perform the services contracted for on behalf of the financial institution.

(D) The financial institution does not receive any payment from or through the affiliate or nonaffiliated third party in connection with, or as a result of, the release of the nonpublic personal information.

(10) The nonpublic personal information is released to identify or locate missing and abducted children, witnesses, criminals and fugitives, parties to lawsuits, parents delinquent in child support payments, organ and bone marrow donors, pension fund beneficiaries, and missing heirs.

(11) The nonpublic personal information is released to a real estate appraiser licensed or certified by the state for submission to central data repositories such as the California Market Data Cooperative, and the nonpublic personal information is compiled strictly to complete other real estate appraisals and is not used for any other purpose.

(12) The nonpublic personal information is released as required by Title III of the federal United and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA Patriot Act; P.L. 107-56).

(13) The nonpublic personal information is released either to a consumer reporting agency pursuant to the Fair Credit Reporting Act (15 U.S.C. Sec. 1681 et seq.) or from a consumer report reported by a consumer reporting agency.

(14) The nonpublic personal information is released in connection with a written agreement between a consumer and a broker-dealer registered under the Securities Exchange Act of 1934 or an investment adviser registered under the Investment Advisers Act of 1940 to provide investment management services, portfolio advisory services, or financial planning, and the nonpublic personal information is released for the sole purpose of providing the products and services covered by that agreement.

(c) Nothing in this division is intended to change existing law relating to access by law enforcement agencies to information held by financial institutions.

Amended by Stats 2024 ch 227 (AB 3279), s 29, eff. 1/1/2025.

Added by Stats 2003 ch 241 (SB 1), s 1, eff. 1/1/2004, op. 7/1/2004.

This section is set out more than once due to postponed, multiple, or conflicting amendments.