(a) In a privacy
notice required under
3
AAC 26.610,
3
AAC 26.615, and
3
AAC 26.630, a licensee shall include the following:
(1) the categories of nonpublic personal
financial information that the licensee collects;
(2) the categories of nonpublic personal
financial information that the licensee discloses;
(3) except for persons to whom the licensee
discloses information as allowed under
3
AAC 26.665 and
3
AAC 26.670, the categories of affiliates and
nonaffiliated third parties to which the licensee discloses a consumer's
nonpublic personal financial information;
(4) except for persons to whom the licensee
discloses information as allowed under
3
AAC 26.665 and
3
AAC 26.670, the categories of nonpublic personal
financial information that the licensee discloses about a consumer who is no
longer a customer of the licensee;
(5) except for persons to whom the licensee
discloses information as allowed under
3
AAC 26.665 and
3
AAC 26.670, the categories of affiliates and
nonaffiliated third parties to whom the licensee discloses nonpublic personal
financial information about a consumer who is no longer a customer of the
licensee;
(6) if the licensee
discloses nonpublic personal financial information to a nonaffiliated third
party under
3
AAC 26.660 and an exception in
3
AAC 26.665 or
3
AAC 26.670 does not apply to the disclosure, a
separate description of the categories of information that the licensee
discloses and the categories of nonaffiliated third parties with whom the
licensee has contracted;
(7) an
explanation of the consumer's right under
3
AAC 26.645 to opt out of the disclosure of nonpublic
personal financial information to nonaffiliated third parties, including the
methods by which the consumer may opt out;
(8) a disclosure that the licensee makes
under 15 U.S.C.
1681 a(d)(2)(A)(iii) (Fair Credit Reporting
Act) regarding the ability of a consumer to opt out of disclosures of
information among affiliates;
(9) a
description of the licensee's policies and practices regarding the protection
of the confidentiality and security of nonpublic personal financial
information;
(10) a disclosure that
the licensee makes under (b) of this section.
(b) If a licensee discloses nonpublic
personal financial information as allowed under
3
AAC 26.665 or
3
AAC 26.670, the licensee
(1) is not required to list the persons
subject to the exceptions in a notice required under
3
AAC 26.610 or
3
AAC 26.615; and
(2) shall state in a notice required under
3
AAC 26.610 or
3
AAC 26.615 that the licensee makes disclosures to
other affiliates or nonaffiliated third parties as allowed by law.
(c) A licensee meets the
requirements of
3
AAC 26.610(a) (2) and
3
AAC 26.625(d) for a consumer who is
not a customer if the
(1) licensee prepares a
privacy notice containing the information required in (a) of this
section;
(2) licensee, upon the
consumer's request, provides the privacy notice to the consumer;
(3) consumer may obtain a copy of the privacy
notice by at least one of the following means:
(A) calling a toll-free number provided by
the licensee;
(B) sending a written
request to a mailing address provided by the licensee;
(C) making an in-person request at the
licensee's office for immediate provision of a copy;
(D) another means that the director
determines to be a reasonable means for the consumer to obtain a copy;
and
(4) licensee
provides, at the same time that the opt out notice required under
3
AAC 26.625 is provided, a short-form initial notice to
the consumer that
(A) is clear and
conspicuous;
(B) states that the
licensee's privacy notice is available upon request; and
(C) explains how the consumer may obtain the
privacy notice.
(d) A licensee may include in the notices
required under
3
AAC 26.610,
3
AAC 26.615, and
3
AAC 26.630 the following:
(1) the categories of nonpublic personal
financial information that the licensee does not currently disclose, and that
the licensee reserves the right to disclose in the future;
(2) the categories of affiliates or
nonaffiliated third parties to whom the licensee does not currently disclose
nonpublic personal financial information, but to whom the licensee may disclose
nonpublic personal financial information in the future;
(3) other information that applies to the
licensee and to the consumer.
(e) A licensee, including a group of
financial holding company affiliates that use a common privacy notice, may use
the following sample statements to comply with the applicable requirements of
this section regarding content of privacy notices, if each statement used is
accurate for each institution that uses the notice:
(1)
categories of information a
licensee collects (all institutions): a licensee may use the following
statement to meet the requirement of
3
AAC 26.620(a) (1) to describe the
categories of nonpublic personal financial information the licensee collects:
We collect nonpublic personal financial information about
you from the following sources:
Information we receive from you on applications or other
forms;
Information about your transactions with us, our
affiliates, or any others; and
Information we receive from a consumer-reporting
agency.
(2)
categories of information a licensee discloses (institutions that
disclose outside of the exceptions): a licensee may use one of the
following statements, if applicable, to meet the requirement of
3
AAC 26.620(a) (2) to describe the
categories of nonpublic personal financial information the licensee discloses;
a licensee may use the following statements if the licensee discloses nonpublic
personal financial information other than as allowed by the exceptions in
3
AAC 26.660 -
3
AAC 26.670:
Alternative 1:
We may disclose the following kinds of nonpublic personal
financial information about you:
Information we receive from you on applications or other
forms, such as [provide illustrative examples, such as "your name, address,
social security number, assets, income, and beneficiaries"];
Information about your transactions with us, our
affiliates, or any others, such as [provide illustrative examples, such as
"your policy coverage, premiums, and payment history"]; and
Information we receive from a consumer-reporting agency,
such as [provide illustrative examples, such as "your creditworthiness and
credit history"].
Alternative 2:
We may disclose all of the information that we collect, as
described [describe location in the notice, such as "above" or "below"].
(3)
categories of
information a licensee discloses and persons to whom the licensee discloses
(institutions that do not disclose outside of the exceptions): a
licensee may use the following statement to meet the requirements of
3
AAC 26.620(a) (2), (3), (4), and (5)
to describe the categories of nonpublic personal financial information about
customers and former customers that the licensee discloses and the categories
of affiliates and nonaffiliated third parties to whom the licensee discloses; a
licensee may use the following statement if the licensee does not disclose
nonpublic personal financial information to any person, other than as allowed
by the exceptions in
3
AAC 26.665 and
3
AAC 26.670:
We do not disclose any nonpublic personal financial
information about our customers or former customers to anyone, except as
allowed by law.
(4)
categories of parties to whom a licensee discloses (institutions that
disclose outside of the exceptions): a licensee may use the following
statement to meet the requirement of
3
AAC 26.620(a) (3) to describe the
categories of affiliates and nonaffiliated third parties to whom the licensee
discloses nonpublic personal financial information; the following statement may
be used if the licensee discloses nonpublic personal financial information
other than as allowed by the exceptions in
3
AAC 26.660 -
3
AAC 26.670, as well as when allowed by the exceptions
in 3 AAC 26.665 and
3
AAC 26.670:
We may disclose nonpublic personal financial information
about you to the following types of third parties:
Financial service providers, such as [provide illustrative
examples, such as "life insurers, automobile insurers, mortgage bankers,
securities broker-dealers, and insurance agents"];
Non-financial companies, such as [provide illustrative
examples, such as "retailers, direct marketers, airlines, and publishers"];
and
Others, such as [provide illustrative examples, such as
"non-profit organizations"].
We may also disclose nonpublic personal financial
information about you to nonaffiliated third parties as allowed by law.
(5)
service provider/joint
marketing exception: a licensee may use one of the following statements
to meet the requirements of
3
AAC 26.620(a) (6) related to the
exception in
3
AAC 26.660 for provision of nonpublic personal
financial information to a nonaffiliated third party to act as a service
provider or to perform joint marketing services; if a licensee discloses
nonpublic personal financial information under the exception in
3
AAC 26.660, the licensee shall describe the categories
of nonpublic personal financial information the licensee discloses and the
categories of third parties with which the licensee has contracted:
Alternative 1:
We may disclose the following information to companies that
perform marketing services on our behalf or to other financial institutions
with which we have joint marketing agreements:
Information we receive from you on applications or other
forms, such as [provide illustrative examples, such as "your name, address,
social security number, assets, income, and beneficiaries"];
Information about your transactions with us, our
affiliates, or any others, such as [provide illustrative examples, such as
"your policy coverage, premium, and payment history"]; and
Information we receive from a consumer-reporting agency,
such as [provide illustrative examples, such as "your creditworthiness and
credit history"].
Alternative 2:
We may disclose all of the information we collect, as
described [describe location in the notice, such as "above" or "below"] to
companies that perform marketing services on our behalf or to other financial
institutions with which we have joint marketing agreements.
(6)
explanation of opt out right
(institutions that disclose outside of the exceptions): a licensee may
use the following statement to meet the requirement of
3
AAC 26.620(a) (7) to provide an
explanation of the consumer's right to opt out of the disclosure of nonpublic
personal financial information to nonaffiliated third parties, including the
method by which the consumer may exercise that right; the licensee may use this
statement if the licensee discloses nonpublic personal financial information
other than as allowed under
3
AAC 26.660 -
3
AAC 26.670:
If you prefer that we not disclose nonpublic personal
financial information about you to nonaffiliated third parties, you may opt out
of those disclosures, that is, you may direct us not to make those disclosures,
other than disclosures allowed by law. If you wish to opt out of disclosures to
nonaffiliated third parties, you may [describe a reasonable means of opting
out, such as "call the following toll-free number: (insert number)"].
(7)
confidentiality and
security (all institutions): a licensee may use the following statement
to meet the requirement of
3
AAC 26.620(a) (9) to describe the
licensee's policies and practices with respect to protecting the
confidentiality and security of nonpublic personal financial information:
We restrict access to nonpublic personal financial
information about you to [provide an appropriate description, such as "those
employees who need to know that information to provide products or services to
you"]. We maintain physical, electronic, and procedural safeguards that comply
with federal regulations to guard your nonpublic personal financial
information.
In 2010 the revisor of statutes, acting under
AS
01.05.031, renumbered former
AS
21.36.162 as
AS
21.36.510. As of Register 196 (January 2011),
the regulations attorney made a conforming technical revision under
AS
44.62.125(b)(6), to the
authority citation that follows 3 AAC 26.620, so that the citation to former
AS
21.36.162 now refers to the renumbered
statute, AS
21.36.510.
