California Code of Regulations
Title 10 - Investment
Chapter 5 - Insurance Commissioner
Subchapter 5.9 - Privacy of Nonpublic Personal Information
Article 1 - General Provisions
Section 2689.4 - Definitions

Universal Citation: 10 CA Code of Regs 2689.4

Current through Register 2024 Notice Reg. No. 38, September 20, 2024

As used in these regulations, unless the context requires otherwise:

(a) "Clear and conspicuous" means that a notice is "reasonably understandable" and "designed to call attention to the nature and significance of the information" in the notice. All notices must be clear and conspicuous and accurately reflect the licensee's privacy policies and practices.

A notice is "reasonably understandable" if it:

(1) Presents information in clear, concise sentences, paragraphs, and sections;

(2) Uses short explanatory sentences (an average of 15-20 words) or bullet lists whenever possible;

(3) Uses definite, concrete, everyday words and active voice whenever possible;

(4) Avoids multiple negatives;

(5) Avoids legal and highly technical business terminology whenever possible;

(6) Avoids explanations that are imprecise and readily subject to different interpretations; and

(7) Achieves a minimum Flesch Reading Ease Score of 50. (The Flesch Reading Ease Score rates text on a 100-point scale -- the higher the score, the easier it is to understand the document. The formula for the Flesch Reading Ease score is:

206.835 - (1.015 x ASL) - (84.6 x ASW)

where:

ASL = average sentence length (the number of words divided by the number of sentences)

ASW = average number of syllables per word (the number of syllables divided by the number of words).)

A notice is "designed to call attention to the nature and significance of the information" in it if it:

(8) Uses a plain-language heading to call attention to the notice;

(9) Uses an easy-to-read typeface and type size (at least 10 point);

(10) Provides wide margins and ample line spacing;

(11) Uses boldface or italics for key words;

(12) In a form that combines the licensee's notice with other information, uses distinctive type size, style, and graphic devices, such as shading or sidebars; and

(13) If on the back or inside of a multi-page form, is accompanied by a prominent notice on the front of the form directing the reader's attention to the privacy notice and where it may be found.

A notice on a web site is "designed to call attention to the nature and significance of the information" in it if it is rendered as a page using Hypertext Markup Language (html) in addition to any other webpage formats used, is at least the equivalent point size and type as the standard text on the licensee's web site, and, uses text or visual cues to encourage scrolling down the page if necessary to view the entire notice and ensures that other elements on the web site (such as text, graphics, hyperlinks or sound) do not distract attention from the notice, and the notice is either:

(14) Placed on a screen that consumers frequently access, such as a page on which transactions are conducted; or

(15) Accessed from a screen that consumers frequently access through a link that connects directly to the notice and is labeled appropriately to convey the importance, nature and relevance of the notice.

(b) "Collect" means to obtain information that the licensee organizes or can retrieve by the name of an individual or by identifying number, symbol or other identifying particular assigned to the individual, regardless of the source of the underlying information.

(c) "Consumer" means an individual who seeks to obtain, obtains or has obtained an insurance product or service from a licensee that is to be used primarily for personal, family or household purposes, and about whom the licensee has nonpublic personal information. "Consumer" includes that individual's legal representative. Examples include, but are not limited to, the following:

(1) An individual who provides nonpublic personal information to a licensee in connection with obtaining or seeking to obtain financial, investment or economic advisory services relating to an insurance product or service, is a consumer regardless of whether the licensee establishes an ongoing relationship.

(2) An applicant for insurance prior to the inception of insurance coverage is a consumer.

(3) An individual who is a consumer of another financial institution is not a licensee's consumer solely because the licensee is acting as agent for, or provides processing or other services to, that financial institution.

(4) An individual is a licensee's consumer if the individual is a beneficiary of a life insurance policy underwritten by the licensee, a claimant under an insurance policy issued by the licensee, an insured or an annuitant under an insurance policy or an annuity issued by the licensee, a certificate holder under an employee or other group policy, a bodily injury claimant against a commercial liability policy, a worker's compensation claimant, or a mortgagor of a mortgage covered under a mortgage insurance policy; and the licensee discloses nonpublic personal information about the individual to a nonaffiliated third party other than as permitted by California Insurance Code Section 791.13.

(5) If the licensee provides initial, annual and revised notices to the plan sponsor, group or blanket insurance policyholder, group annuity contractholder, or workers' compensation plan participant, and does not disclose to a nonaffiliated third party nonpublic personal information about such an individual other than as permitted under California Insurance Code Section 791.13, an individual is not the consumer of the licensee solely because of that relationship. If the licensee does not meet all the conditions of this paragraph, the described individuals are consumers of a licensee.

(6) An individual is not a licensee's consumer solely because the individual is a beneficiary of a trust for which the licensee is a trustee or because the individual has designated the licensee as trustee for a trust.

(d) "Customer" means a consumer who has a continuing relationship with a licensee under which the licensee provides one or more insurance products or services to the consumer that are to be used primarily for personal, family or household purposes.

A consumer has a continuing relationship with a licensee if the consumer is a current policyholder of an insurance product issued by or through the licensee; or the consumer obtains financial, investment or economic advisory services relating to an insurance product or service from the licensee for a fee.

A consumer does not have a continuing relationship with a licensee, and therefore is not a customer, if, for example:

(1) The consumer applies for insurance but does not purchase the insurance;

(2) The licensee sells the consumer travel insurance in an isolated transaction;

(3) The consumer is no longer a current policyholder of an insurance product or no longer obtains insurance services with or through the licensee;

(4) The consumer is a beneficiary or claimant under a policy and has submitted a claim under a policy choosing a settlement option involving an ongoing relationship with the licensee;

(5) The consumer is a beneficiary or a claimant under a policy and has submitted a claim under that policy choosing a lump sum settlement option;

(6) The customer's policy is lapsed, expired, or otherwise inactive or dormant under the licensee's business practices, and the licensee has not communicated with the customer about the relationship for a period of twelve (12) consecutive months, other than annual privacy notices, material required by law or regulation, communication at the direction of a state or federal authority, or promotional materials;

(7) The consumer is an insured or an annuitant under an insurance policy or annuity but is not the policyholder or owner of the insurance policy or annuity; or

(8) The consumer's last known address according to the licensee's records is deemed invalid. An address of record is deemed invalid if mail sent to that address by the licensee has been returned by the postal authorities as undeliverable and if subsequent good faith attempts by the licensee to obtain a current valid address for the individual have been unsuccessful. If so, and if the consumer has not opted out, the licensee shall, at least annually, remove the consumer's name from any list for marketing purposes for disclosure to a nonaffiliated third party.

(e) "Financial institution" means any institution engaged in activities that are financial in nature or incidental to such financial activities as described in Section 4(k) of the Bank Holding Company Act of 1956 (12 US.C. 1843(k)).

Financial institution does not include:

(1) Any person or entity with respect to any financial activity that is subject to the jurisdiction of the Commodity Futures Trading Commission under the Commodity Exchange Act (7 U.S.C. 1 et seq);

(2) The Federal Agricultural Mortgage Corporation or any entity charged and operating under the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq); or

(3) Institutions chartered by Congress specifically to engage in securitizations, secondary market sales (including sales of servicing rights) or similar transactions related to a transaction of a consumer, as long as the institutions do not sell or transfer nonpublic personal information to a nonaffiliated third party.

(f) "Financial product or service" means any product or service that a financial holding company could offer by engaging in an activity that is financial in nature or incidental to such a financial activity under Section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(k)). Financial service includes a financial institution's evaluation or brokerage of information that the financial institution collects in connection with a request or an application from a consumer or a financial product or service.

(g) "Nonaffiliated third party" means any person or entity that is not an affiliate of, or related by common ownership or affiliated by corporate control with, a licensee. Nonaffiliated third party includes any company that is an affiliate solely by virtue of the direct or indirect ownership or control of the company by the licensee or its affiliate in conducting merchant banking or investment banking activities of the type described in Section 4(k)(4)(H) or insurance company investment activities of the type described in Section 4(k)(4)(I) of the federal Bank Holding Company Act (12 U.S.C. 1843(k)(4)(H) and (I)).

(h) "Nonpublic personal financial information" means personally identifiable financial information a consumer provides to a licensee to obtain an insurance product or service from the licensee, information about a consumer resulting from a transaction involving an insurance product or service between a licensee and a consumer, or information the licensee obtains about a consumer in connection with providing an insurance product or service to that consumer.

"Nonpublic personal financial information" includes any list, description or other grouping of consumers that is derived using any personally identifiable financial information that is not publicly available. "Nonpublic personal financial information" does not include medical record information.

(i) "Nonpublic personal information" means "personal information" as defined in California Insurance Code Section 791.02(s). "Nonpublic personal information" includes "nonpublic personal financial information" and "medical record information" (as defined in California Insurance Code Section 791.02(q).

"Nonpublic personal information" includes any list, description or other grouping of consumers that is derived using any personally identifiable information that is not publicly available. "Nonpublic personal information" also includes any information about the licensee's consumer if it is disclosed in a manner that indicates that the individual is or has been the licensee's consumer; any information the licensee collects through an Internet cookie (an information-collecting device from a web survey); and information from a consumer report.

If information about individuals associated with a business entity is collected or accessed in connection with a consumer transaction, or is used for marketing products or services intended for personal, family, or household purposes, it is nonpublic personal information for purposes of these regulations. Insurance transactions relating to products obtained by a policyholder for business, commercial, or agricultural purposes, but which actually provide insurance primarily for personal, family, or household purposes, involve nonpublic personal information for purposes of these regulations.

A dual purpose policy providing only incidental or supplemental commercial coverages is still a policy primarily for personal, family or household purposes for purposes of these regulations.

(j) "Opt-In" means that a licensee must obtain a consumer's permission before sharing certain nonpublic personal information with others.

(k) "Opt-Out" means that a licensee must allow a consumer the opportunity to prevent the sharing of certain nonpublic personal financial information with others.

(l) "Ownership of voting securities," as used in California Insurance Code Section 791.02(g), means ownership or power to vote twenty-five percent (25%) or more of the outstanding shares of any class of voting security of the person or entity, directly or indirectly, or acting through one or more other persons, and includes power in any manner over the election of a majority of the directors, trustees or general partners (or individuals exercising similar functions) of the person or entity.

(m) "Publicly available information" means any information that a licensee has a reasonable basis to believe is lawfully made available to the general public from federal, state or local government records; widely distributed media; or disclosures to the general public that are required to be made by federal, state or local law.

A licensee has a reasonable basis to believe that information is lawfully made available to the general public if the licensee has taken steps to determine that the information is of the type that is available to the general public; and when an individual can direct that the information not be made available to the general public, the individual has not done so.

1. New section filed 11-22-2002; operative 3-24-2003 (Register 2002, No. 47).
2. Change without regulatory effect amending subsection (c)(6) filed 7-14-2021 pursuant to section 100, title 1, California Code of Regulations (Register 2021, No. 29). Filing deadline specified in Government Code section 11349.3(a) extended 60 calendar days pursuant to Executive Order N-40-20.

Note: Authority cited: Sections 791- 791.27, Insurance Code; and 15 U.S.C. Sections 6801, 6805 and 6807. Reference: Section 791.04, Insurance Code; 15 U.S.C. Sections 6801, 6802, 6803 and 6809.

Disclaimer: These regulations may not be the most recent version. California may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.