Florida Administrative Code
69 - DEPARTMENT OF FINANCIAL SERVICES
69O - OIR - Insurance Regulation
Chapter 69O-128 - PRIVACY OF CONSUMER FINANCIAL AND HEALTH INFORMATION
Section 69O-128.002 - Definitions

Universal Citation: FL Admin Code R 69O-128.002

Current through Reg. 50, No. 187; September 24, 2024

As used in these rules, unless the context requires otherwise:

(1) "Affiliate" means a company that controls, is controlled by or is under common control with another company.

(2)

(a) "Clear and conspicuous" means that a notice is reasonably understandable and designed to call attention to the nature and significance of the information in the notice.

(b) Examples.
1. Reasonably understandable. A licensee makes its notice reasonably understandable if it:
a. Presents the information in the notice in clear, concise sentences, paragraphs and sections;

b. Uses short explanatory sentences or bullet lists whenever possible;

c. Uses definite, concrete, everyday words and active voice whenever possible;

d. Avoids multiple negatives;

e. Avoids legal and highly technical business terminology whenever possible; and,

f. Avoids explanations that are imprecise and readily subject to different interpretations.

2. Designed to call attention. A licensee designs its notice to call attention to the nature and significance of the information in it if the licensee:
a. Uses a plain-language heading to call attention to the notice;

b. Uses a typeface and type size that are easy to read;

c. Provides wide margins and ample line spacing;

d. Uses boldface or italics for key words; and,

e. In a form that combines the licensee's notice with other information, uses distinctive type size, style, and graphic devices, such as shading or sidebars.

3. Notices on web sites. If a licensee provides a notice on a web page, the licensee designs its notice to call attention to the nature and significance of the information in it if the licensee uses text or visual cues to encourage scrolling down the page if necessary to view the entire notice and ensure that other elements on the web site, such as text, graphics, hyperlinks or sound, do not distract attention from the notice, and the licensee either:
a. Places the notice on a screen that consumers frequently access, such as a page on which transactions are conducted; or

b. Places a link on a screen that consumers frequently access, such as a page on which transactions are conducted, that connects directly to the notice and is labeled appropriately to convey the importance, nature and relevance of the notice.

(3) "Collect" means to obtain information that the licensee organizes or can retrieve by the name of an individual or by identifying number, symbol or other identifying particular assigned to the individual, irrespective of the source of the underlying information.

(4) "Company" means a corporation, limited liability company, business trust, general or limited partnership, association, sole proprietorship or similar organization.

(5)

(a) "Consumer" means an individual who seeks to obtain, obtains, or has obtained an insurance product or service from a licensee that is to be used primarily for personal, family or household purposes, and about whom the licensee has nonpublic personal information, or that individual's legal representative.

(b) Examples.
1. An individual who provides nonpublic personal information to a licensee in connection with obtaining or seeking to obtain financial, investment or economic advisory services relating to an insurance product or service is a consumer regardless of whether the licensee establishes an ongoing advisory relationship.

2. An applicant for insurance prior to the inception of insurance coverage is a licensee's consumer.

3. An individual who is a consumer of another financial institution is not a licensee's consumer solely because the licensee is acting as agent for, or provides processing or other services to, that financial institution.

4. An individual is a licensee's consumer if the individual is:
a.
(I) A beneficiary of a life insurance policy underwritten by the licensee;

(II) A claimant under an insurance policy issued by the licensee;

(III) An insured or an annuitant under an insurance policy or an annuity, respectively, issued by the licensee; or

(IV) A mortgagor of a mortgage covered under a mortgage insurance policy; and,

b. The licensee discloses nonpublic personal financial information about the individual to a nonaffiliated third party other than as permitted under Rules 69O-128.014, 69O-128.015 and 69O-128.016, F.A.C.

5. Provided that the licensee provides the initial, annual and revised notices under Rules 69O-128.005, 69O-128.006 and 69O-128.009, F.A.C., to the plan sponsor, group or blanket insurance policyholder or group annuity contract holder or workers' compensation plan participant, and further provided that the licensee does not disclose to a nonaffiliated third party nonpublic personal financial information about such an individual other than as permitted under Rules 69O-128.014, 69O-128.015 and 69O-128.016, F.A.C., an individual is not the consumer of the licensee solely because he or she is:
a. A participant or a beneficiary of an employee benefit plan that the licensee administers or sponsors or for which the licensee acts as a trustee, insurer or fiduciary;

b. Covered under a group or blanket insurance policy or group annuity contract issued by the licensee; or

c. A beneficiary in a workers' compensation plan.

6.
a. The individuals described in sub-subparagraphs (5)(b)5.a. through c. of this paragraph, are consumers of a licensee if the licensee does not meet all the conditions of subparagraph (5)(b)5.

b. In no event shall the individuals, solely by virtue of the status described in sub-subparagraphs (5)(b)5.a. through c., above, be deemed to be customers for purposes of this rule.

7. An individual is not a licensee's consumer solely because he or she is a beneficiary of a trust for which the licensee is a trustee.

8. An individual is not a licensee's consumer solely because he or she has designated the licensee as trustee for a trust.

(6) "Consumer reporting agency" has the same meaning as in Section 603(f) of the federal Fair Credit Reporting Act (15 U.S.C. 1681a(f)).

(7) "Control" means:

(a) Ownership, control or power to vote 25 percent or more of the outstanding shares of any class of voting security of the company, directly or indirectly, or acting through one or more other persons;

(b) Control in any manner over the election of a majority of the directors, trustees or general partners (or individuals exercising similar functions) of the company; or

(c) The power to exercise, directly or indirectly, a controlling influence over the management or policies of the company, as the Office determines.

(8) "Customer" means a consumer who has a customer relationship with a licensee.

(9)

(a) "Customer relationship" means a continuing relationship between a consumer and a licensee under which the licensee provides one or more insurance products or services to the consumer that are to be used primarily for personal, family or household purposes.

(b) Examples.
1. A consumer has a continuing relationship with a licensee if:
a. The consumer is a current policyholder of an insurance product issued by or through the licensee; or

b. The consumer obtains financial, investment or economic advisory services relating to an insurance product or service from the licensee for a fee.

2. A consumer does not have a continuing relationship with a licensee if:
a. The consumer applies for insurance but does not purchase the insurance;

b. The licensee sells the consumer airline travel insurance or similar limited duration types of travel related insurance in an isolated transaction not involving a continuing policyholder relationship;

c. The individual is no longer a current policyholder of an insurance product or no longer obtains insurance services with or through the licensee;

d. The consumer is a beneficiary or claimant under a policy and has submitted a claim under a policy choosing a settlement option involving an ongoing relationship with the licensee;

e. The consumer is a beneficiary or a claimant under a policy and has submitted a claim under that policy choosing a lump sum settlement option;

f. The customer's policy is lapsed, expired, or otherwise inactive or dormant under the licensee's business practices, and the licensee has not communicated with the customer about the relationship for a period of 12 consecutive months, other than annual privacy notices, material required by law or rule, communication at the direction of a state or federal authority, or promotional materials;

g. The individual is an insured or an annuitant under an insurance policy or annuity, respectively, but is not the policyholder or owner of the insurance policy or annuity; or

h. For the purposes of this rule, the individual's last known address according to the licensee's records is deemed invalid. An address of record is deemed invalid if mail sent to that address by the licensee has been returned by the postal authorities as undeliverable and if subsequent attempts by the licensee to obtain a current valid address for the individual have been unsuccessful.

(10)

(a) "Financial institution" means any institution the business of which is engaging in activities that are financial in nature or incidental to such financial activities as described in Section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(k)).

(b) Financial institution does not include:
1. Any person or entity with respect to any financial activity that is subject to the jurisdiction of the Commodity Futures Trading Commission under the Commodity Exchange Act (7 U.S.C. 1 et seq.),

2. The Federal Agricultural Mortgage Corporation or any entity charged and operating under the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.); or

3. Institutions chartered by Congress specifically to engage in securitizations, secondary market sales (including sales of servicing rights) or similar transactions related to a transaction of a consumer, as long as the institutions do not sell or transfer nonpublic personal information to a nonaffiliated third party.

(11)

(a) "Financial product or service" means a product or service that a financial holding company could offer by engaging in an activity that is financial in nature or incidental to such a financial activity under Section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(k)).

(b) Financial service includes a financial institution's evaluation or brokerage of information that the financial institution collects in connection with a request or an application from a consumer for a financial product or service.

(12) "Health care" means:

(a) Preventive, diagnostic, therapeutic, rehabilitative, maintenance or palliative care, services, procedures, tests or counseling that:
1. Relates to the physical, mental or behavioral condition of an individual; or

2. Affects the structure or function of the human body or any part of the human body, including the banking of blood, sperm, organs or any other tissue; or

(b) Prescribing, dispensing or furnishing to an individual drugs or biologicals, or medical devices or health care equipment and supplies.

(13) "Health care provider" means a physician or other health care practitioner licensed, accredited or certified to perform specified health services consistent with state law, or a health care facility.

(14) "Health information" means any information or data except age or gender, whether oral or recorded in any form or medium, created by or derived from a health care provider or the consumer that relates to:

(a) The past, present or future physical, mental or behavioral health or condition of an individual;

(b) The provision of health care to an individual; or

(c) Payment for the provision of health care to an individual.

(15)

(a) "Insurance product or service" means any product or service that is offered by a licensee pursuant to the insurance laws of this state.

(b) Insurance service includes a licensee's evaluation, brokerage or distribution of information that the licensee collects in connection with a request or an application from a consumer for a insurance product or service.

(16)

(a)
1. "Licensee" means all licensed insurers, producers and other persons licensed or required to be licensed, or authorized or required to be authorized, or registered or required to be registered pursuant to the Florida Insurance Code.

2. "Licensee" does not include persons or entities regulated pursuant to Chapter 634, F.S.

(b) A licensee is not subject to the notice and opt out requirements for nonpublic personal financial information set forth in these rules if the licensee is an employee, agent or other representative of another licensee ("the principal"), and:
1. The principal otherwise complies with, and provides the notices required by, the provisions of these rules; and,

2. The licensee does not disclose any nonpublic personal information to any person, including the principal or its affiliates, unless in a manner permitted by this rule.

(c)
1. Subject to subparagraph (b)2., above, "licensee" shall also include an unauthorized insurer that accepts business placed through a licensed surplus lines agent in this state, but only in regard to the surplus lines placements placed pursuant to Section 626.916, F.S.

2. A surplus lines agent, producing agent, or surplus lines insurer shall be deemed to be in compliance with the notice and opt out requirements for nonpublic personal financial information set forth in these rules provided:
a. The surplus lines agent, producing agent, or insurer does not disclose nonpublic personal information of a consumer or a customer to nonaffiliated third parties for any purpose, including joint servicing or marketing under Rule 69O-128.014, F.A.C., except as permitted by Rule 69O-128.015 or 69O-128.016, F.A.C.; and,

b. The surplus lines agent, producing agent or insurer delivers a notice to the consumer at the time a customer relationship is established on which the following is printed in 16-point type:

PRIVACY NOTICE

"Neither the U.S. brokers that handled this insurance nor the insurers that have underwritten this insurance will disclose nonpublic personal information concerning the buyer to nonaffiliates of the brokers or insurers except as permitted by law."

(17)

(a) "Nonaffiliated third party" means any person except:
1. A licensee's affiliate; or

2. A person employed jointly by a licensee and any company that is not the licensee's affiliate (but nonaffiliated third party includes the other company that jointly employs the person).

(b) Nonaffiliated third party includes any company that is an affiliate solely by virtue of the direct or indirect ownership or control of the company by the licensee or its affiliate in conducting merchant banking or investment banking activities of the type described in Section 4(k)(4)(H) or insurance company investment activities of the type described in Section 4(k)(4)(I) of the federal Bank Holding Company Act (12 U.S.C. 1843(k) (4)(H) and (I)).

(18) "Nonpublic personal information" means nonpublic personal financial information and nonpublic personal health information.

(19)

(a) "Nonpublic personal financial information" means:
1. Personally identifiable financial information; and,

2. Any list, description or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information that is not publicly available.

(b) Nonpublic personal financial information does not include:
1. Health information,

2. Publicly available information, except as included on a list described in subparagraph (19)(a)2. of this rule; or

3. Any list, description or other grouping of consumers (and publicly available information pertaining to them) that is derived without using any personally identifiable financial information that is not publicly available.

(c) Examples of lists.
1. Nonpublic personal financial information includes any list of individuals' names and street addresses that is derived in whole or in part using personally identifiable financial information that is not publicly available, such as account numbers.

2. Nonpublic personal financial information does not include any list of individuals' names and addresses that contains only publicly available information, is not derived in whole or in part using personally identifiable financial information that is not publicly available, and is not disclosed in a manner that indicates that any of the individuals on the list is a consumer of a financial institution.

(20) "Nonpublic personal health information" means health information:

(a) That identifies an individual who is the subject of the information; or

(b) With respect to which there is a reasonable basis to believe that the information could be used to identify an individual.

(21)

(a) "Personally identifiable financial information" means any information:
1. A consumer provides to a licensee to obtain an insurance product or service from the licensee;

2. About a consumer resulting from a transaction involving an insurance product or service between a licensee and a consumer; or

3. The licensee otherwise obtains about a consumer in connection with providing an insurance product or service to a consumer.

(b) The following are examples of personally identifiable financial information:
1. Information a consumer provides to a licensee on an application to obtain an insurance product or service;

2. Account balance information and payment history;

3. The fact that an individual is or has been one of the licensee's customers or has obtained an insurance product or service from the licensee;

4. Any information about the licensee's consumer if it is disclosed in a manner that indicates that the individual is or has been the licensee's consumer;

5. Any information that a consumer provides to a licensee or that the licensee or its agent otherwise obtains in connection with collecting on a loan or servicing a loan;

6. Any information the licensee collects through an Internet cookie (an information-collecting device from a web server); and,

7. Information from a consumer report.

(c) Personally identifiable financial information does not include:
1. Health information;

2. A list of names and addresses of customers of an entity that is not a financial institution; and,

3. Information that does not identify a consumer, such as aggregate information or blind data that does not contain personal identifiers such as account numbers, names or addresses.

(22)

(a) "Publicly available information" means any information that a licensee has a reasonable basis to believe is lawfully made available to the general public from:
1. Federal, state or local government records;

2. Widely distributed media; or

3. Disclosures to the general public that are required to be made by federal, state or local law.

(b) Reasonable basis. A licensee has a reasonable basis to believe that information is lawfully made available to the general public if the licensee has taken steps to determine:
1. That the information is of the type that is available to the general public; and,

2. Whether an individual can direct that the information not be made available to the general public and, if so, that the licensee's consumer has not done so.

(c) Examples.
1. Government records. Publicly available information in government records includes information in government real estate records and security interest filings.

2. Widely distributed media. Publicly available information from widely distributed media includes information from a telephone book, a television or radio program, a newspaper or a website that is available to the general public on an unrestricted basis. A web site is not restricted merely because an Internet service provider or a site operator requires a fee or a password, so long as access is available to the general public.

3. Reasonable basis.
a. A licensee has a reasonable basis to believe that mortgage information is lawfully made available to the general public if the licensee has determined that the information is of the type included on the public record in the jurisdiction where the mortgage would be recorded.

b. A licensee has a reasonable basis to believe that an individual's telephone number is lawfully made available to the general public if the licensee has located the telephone number in the telephone book or the consumer has informed you that the telephone number is not unlisted.

Rulemaking Authority 624.308, 626.9651 FS. Law Implemented 624.307(1), 626.9651 FS.

New 12-16-01, Formerly 4-128.002.

Disclaimer: These regulations may not be the most recent version. Florida may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.