Current through Register 2024 Notice Reg. No. 38, September 20, 2024
(a) The initial, annual and revised privacy
notices that a licensee provides under Sections
2689.5,
2689.6, and
2689.9 shall, at a minimum, include
each of the following that applies to the licensee and to the consumers to whom the
licensee sends its privacy notice:
(1) The
categories of nonpublic personal information that the licensee collects;
(2) The categories of nonpublic personal
information that the licensee discloses;
(3) The categories of affiliates and nonaffiliated
third parties to whom the licensee discloses nonpublic personal information, and the
general types of businesses in which the third parties engage if the information is
disclosed pursuant to California Insurance Code Section
791.13(k);
(4) The categories of nonpublic personal
information about the licensee's former customers that the licensee discloses and
the categories of affiliates and nonaffiliated third parties to whom the licensee
discloses nonpublic personal information about the licensee's former customers, if
the information is disclosed pursuant to California Insurance Code Section
791.13(k);
(5) If a licensee wishes to disclose or reserve
the right to disclose nonpublic personal financial information to an affiliate for
marketing purposes without affirmative authorization or the right to opt out of that
disclosure, a statement explaining that the licensee may disclose nonpublic personal
financial information to affiliates for marketing purposes without obtaining prior
authorization and the law does not allow customers to restrict that
disclosure.
(6) An explanation of the
consumer's right to opt out of the disclosure of nonpublic personal financial
information to nonaffiliated third parties, including the methods by which the
consumer may exercise that right at that time;
(7) Any disclosures that the licensee makes under
Section 603(d)(2)(A)(iii) of the federal Fair Credit Reporting Act (15 U.S.C.
1681a(d)(2)(A)(iii)) regarding
the ability to opt out of disclosures of information among affiliates;
(8) The licensee's policies and practices with
respect to protecting the confidentiality and security of nonpublic personal
information, including a general description as to who is authorized to have access
to the information;
(9) If applicable, a
statement that the consumer has the right to access and request correction of
recorded nonpublic personal information and a brief description of the manner in
which those rights may be exercised; and
(10) The categories of disclosures that the
licensee makes under California Insurance Code Section
791.13.
(11) If applicable, the statement required by
California Insurance Code Section
791.04(b)(5).
(12) A licensee does not adequately categorize the
information that it discloses if the licensee uses only general terms, such as
transaction information about the consumer.
(b) If prior authorization is not required and a
licensee reserves the right to disclose all of the nonpublic personal information
about consumers that it collects, the licensee may simply state that fact without
describing the categories or examples of nonpublic personal information that the
licensee discloses.
(c) An abbreviated
notice, as provided for in California Insurance Code Section
791.04(c),
shall comply with California Insurance Code Section
791.04(c)
and:
(1) Be clear and conspicuous;
(2) Describe a reasonable means by which the
consumer may obtain the notice prescribed by California Insurance Code Section
791.04(b),
such as calling a toll-free telephone number to request the notice. If the consumer
is provided the abbreviated notice in person at the licensee's office, the
abbreviated notice may state that the licensee maintains copies of the notice on
hand which will be provided to the consumer immediately upon request; and
(3) If applicable, contain an opt-out notice
complying with these regulations.
This section does not prohibit the use of multiple links on a
website to different categories or levels of information, as long as they are
designed to facilitate rather than impede access.
1. New section
filed 11-22-2002; operative 3-24-2003 (Register 2002, No.
47).
Note: Authority cited: Sections
791-
791.27,
Insurance Code; and 15 U.S.C.
Sections 6801,
6805 and
6807. Reference: Sections
791.04,
791.05,
791.06 and
791.13,
Insurance Code.
