Code of Maryland Regulations
Title 31 - MARYLAND INSURANCE ADMINISTRATION
Subtitle 16 - MISCELLANEOUS
Chapter 31.16.08 - Privacy of Consumer Financial and Health Information
Section 31.16.08.03 - Definitions

Universal Citation: MD Code Reg 31.16.08.03

Current through Register Vol. 51, No. 19, September 20, 2024

A. In this chapter, the following terms have the meanings indicated.

B. Terms Defined.

(1) "Affiliate" means a company that controls, is controlled by, or is under common control with another company.

(2) "Clear and conspicuous notice" means a notice that is:
(a) Reasonably understandable; and

(b) Designed to call attention to the nature and significance of the information in the notice.

(3) "Collect" means to obtain information that the licensee organizes or can retrieve by the name of an individual or by identifying number, symbol, or other identifying particular assigned to the individual, irrespective of the source of the underlying information.

(4) "Commissioner" means the Maryland Insurance Commissioner.

(5) "Company" means a corporation, limited liability company, business trust, general or limited partnership, association, sole proprietorship, or similar organization.

(6) "Consumer" has the meaning stated in §C of this regulation.

(7) "Consumer reporting agency" has the meaning stated in § 603(f) of the federal Fair Credit Reporting Act, 15 U.S.C. § 1681a(f).

(8) "Control" means:
(a) Ownership, control, or power to vote 25 percent or more of the outstanding shares of any class of voting security of the company, directly or indirectly, or acting through one or more other persons;

(b) Control in any manner over the election of a majority of the directors, trustees, general partners, or individuals exercising similar functions of the company; or

(c) The power to exercise, directly or indirectly, a controlling influence over the management or policies of the company, as the Commissioner determines.

(9) "Customer" means a consumer who has a customer relationship with a licensee.

(10) Customer Relationship.
(a) "Customer relationship" means a continuing relationship between a consumer and a licensee under which the licensee provides one or more insurance products or insurance services to the consumer that are to be used primarily for personal, family, or household purposes.

(b) "Customer relationship" includes a relationship between a licensee and a consumer who:
(i) Is a current policyholder of an insurance product issued by or through the licensee; or

(ii) Obtains financial, investment, or economic advisory services relating to an insurance product or insurance service from the licensee for a fee.

(c) "Customer relationship" does not include a relationship between a licensee and:
(i) A consumer who applies for insurance but does not purchase the insurance;

(ii) A consumer who purchases from the licensee airline travel insurance in an isolated transaction;

(iii) An individual who is no longer a current policyholder of an insurance product or who no longer obtains insurance services with or through the licensee;

(iv) A consumer who is a beneficiary or claimant under a policy and who has submitted a claim under a policy choosing a settlement option involving an ongoing relationship with the licensee;

(v) A consumer who is a beneficiary or a claimant under a policy and who has submitted a claim under that policy choosing a lump sum settlement option;

(vi) A customer whose policy is lapsed, expired, or otherwise inactive or dormant under the licensee's business practices, if the licensee has not communicated with the customer about the relationship for a period of 12 consecutive months, other than annual privacy notices, material required by law or regulation, communication at the direction of a state or federal authority, or promotional materials;

(vii) An individual who is an insured or an annuitant under an insurance policy or annuity, respectively, but is not the policyholder or owner of the insurance policy or annuity;

(viii) An individual whose last-known address, according to the licensee's records, is deemed invalid because mail sent by the licensee to that address has been returned by the postal authorities as undeliverable and subsequent attempts by the licensee to obtain a current valid address for the individual have been unsuccessful;

(ix) An individual solely because the individual is a participant or a beneficiary of an employee benefit plan that the licensee administers or sponsors or for which the licensee acts as a trustee, insurer, or fiduciary;

(x) An individual solely because the individual is covered under a group or blanket insurance policy or group annuity contract issued by the licensee; or

(xi) An individual solely because the individual is a beneficiary in a workers' compensation plan underwritten by the licensee.

(11) Financial Institution.
(a) "Financial institution" means any institution the business of which is engaging in activities that are financial in nature or incidental to the financial activities as described in § 4(k) of the Bank Holding Company Act of 1956, 12 U.S.C. § 1843(k).

(b) "Financial institution" does not include:
(i) Any person with respect to any financial activity that is subject to the jurisdiction of the Commodity Futures Trading Commission under the Commodity Exchange Act, 7 U.S.C. § 1 et seq.;

(ii) The Federal Agricultural Mortgage Corporation or any person charged and operating under the Farm Credit Act of 1971, 12 U.S.C. § 2001 et seq.; or

(iii) Institutions chartered by Congress specifically to engage in securitizations, secondary market sales (including sales of servicing rights), or similar transactions related to a transaction of a consumer, as long as the institutions do not sell or transfer nonpublic personal information to a nonaffiliated third party.

(12) "Financial product" means a product that a financial holding company could offer by engaging in an activity that is financial in nature or incidental to a financial activity under § 4(k) of the Bank Holding Company Act of 1956, 12 U.S.C. § 1843(k).

(13) Financial Service.
(a) "Financial service" means a service that a financial holding company could offer by engaging in an activity that is financial in nature or incidental to a financial activity under § 4(k) of the Bank Holding Company Act of 1956, 12 U.S.C. § 1843(k).

(b) "Financial service" includes a financial institution's evaluation or brokerage of information that the financial institution collects in connection with a request or an application from a consumer for a financial product or financial service.

(14) "Health care" means:
(a) Providing preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, services, procedures, tests, or counseling that:
(i) Relates to the physical, mental, or behavioral condition of an individual; or

(ii) Affects the structure or function of the human body or any part of the human body, including the banking of blood, sperm, organs, or any other tissue; or

(b) Prescribing, dispensing, or furnishing to an individual drugs or biologicals, or medical devices or health care equipment and supplies.

(15) Health Care Provider.
(a) "Health care provider" means a health care facility, physician, or other health care practitioner licensed, accredited, certified, or otherwise authorized to perform specified health services consistent with state law.

(b) "Health care provider" includes the agents, employees, officers, and directors of a health care provider.

(16) "Health information" means any information or data except age or gender, whether oral or recorded in any form or medium, created by or derived from a health care provider or the consumer that relates to:
(a) The past, present, or future physical, mental, or behavioral health or condition of an individual;

(b) The provision of health care to an individual; or

(c) Payment for the provision of health care to an individual.

(17) "Insurance product" means any product that is offered by a licensee pursuant to the insurance laws of this State.

(18) Insurance Service.
(a) "Insurance service" means any service that is offered by a licensee pursuant to the insurance laws of this State.

(b) "Insurance service" includes a licensee's evaluation, brokerage, or distribution of information that the licensee collects in connection with a request or an application from a consumer for an insurance product or insurance service.

(19) Licensee.
(a) "Licensee" means a person licensed or required to be licensed, registered or required to be registered, or otherwise authorized or required to be authorized by the Commissioner.

(b) "Licensee" includes an unauthorized insurer that accepts business placed through a licensed surplus lines broker in the State, but only in regard to the business placed pursuant to Insurance Article, § 3-306, Annotated Code of Maryland.

(20) Nonaffiliated Third Party.
(a) "Nonaffiliated third party" means any person except:
(i) A licensee's affiliate; or

(ii) A person employed jointly by a licensee and any company that is not the licensee's affiliate.

(b) "Nonaffiliated third party" includes:
(i) A company that is not the licensee's affiliate that jointly employs a person with the licensee; and

(ii) Any company that is an affiliate solely by virtue of the direct or indirect ownership or control of the company by the licensee or its affiliate in conducting merchant banking or investment banking activities of the type described in § 4(k)(4)(H) or insurance company investment activities of the type described in § 4(k)(4)(I) of the federal Bank Holding Company Act, 12 U.S.C. § 1843(k)(4)(H) and (I).

(21) "Nonpublic personal information" means nonpublic personal financial information and nonpublic personal health information.

(22) Nonpublic Personal Financial Information.
(a) "Nonpublic personal financial information" means:
(i) Personally identifiable financial information; and

(ii) Any list, description, or other grouping of consumers and publicly available information pertaining to them that is derived using any personally identifiable financial information that is not publicly available.

(b) "Nonpublic personal financial information" includes a list of individuals' names and street addresses that is derived in whole or in part using personally identifiable financial information that is not publicly available, such as account numbers.

(c) "Nonpublic personal financial information" does not include:
(i) Health information;

(ii) Publicly available information, except as included on a list described in §B(22)(a)(ii) of this regulation;

(iii) Any list, description, or other grouping of consumers and publicly available information pertaining to them that is derived without using any personally identifiable financial information that is not publicly available; or

(iv) A list of individuals' names and addresses that contains only publicly available information, is not derived in whole or in part using personally identifiable financial information that is not publicly available, and is not disclosed in a manner that indicates that any of the individuals on the list is a consumer of a financial institution.

(23) "Nonpublic personal health information" means health information:
(a) That identifies an individual who is the subject of the information; or

(b) With respect to which there is a reasonable basis to believe that the information could be used to identify an individual.

(24) "Opt out" means a direction by the consumer that the licensee not disclose nonpublic personal financial information about that consumer to a nonaffiliated third party, other than as permitted by Regulations .14, .15, and .16 of this chapter.

(25) Personally Identifiable Financial Information.
(a) "Personally identifiable financial information" means any information:
(i) A consumer provides to a licensee to obtain an insurance product or insurance service from the licensee;

(ii) About a consumer resulting from a transaction involving an insurance product or insurance service between a licensee and a consumer; or

(iii) The licensee otherwise obtains about a consumer in connection with providing an insurance product or insurance service to that consumer.

(b) "Personally identifiable financial information" includes:
(i) Information a consumer provides to a licensee on an application to obtain an insurance product or insurance service;

(ii) Account balance information and payment history;

(iii) The fact that an individual is or has been one of the licensee's customers or has obtained an insurance product or insurance service from the licensee;

(iv) Any information about the licensee's consumer if it is disclosed in a manner that indicates that the individual is or has been the licensee's consumer;

(v) Any information that a consumer provides to a licensee or that the licensee or its agent otherwise obtains in connection with collecting on a loan or servicing a loan;

(vi) Any information the licensee collects through an Internet cookie (an information-collecting device from a web server); and

(vii) Information from a consumer report.

(c) "Personally identifiable financial information" does not include:
(i) Health information;

(ii) A list of names and addresses of customers of an entity that is not a financial institution; and

(iii) Information that does not identify a consumer, such as aggregate information or blind data that does not contain personal identifiers such as account numbers, names, or addresses.

(26) "Publicly available information" means any information for which a licensee:
(a) Has a reasonable basis to believe is lawfully made available to the general public from:
(i) Federal, state, or local government records;

(ii) Widely distributed media; or

(iii) Disclosures to the general public that are required to be made by federal, state, or local law; and

(b) Has established the reasonable basis required by §B(26)(a) of this regulation by taking steps to determine:
(i) That the information is of the type that is available to the general public; and

(ii) Whether an individual can direct that the information not be made available to the general public and, if so, that the licensee's consumer has not done so.

C. "Consumer" Defined.

(1) "Consumer" means an individual:
(a) Who seeks to obtain, obtains, or has obtained an insurance product or insurance service from a licensee that is to be used primarily for personal, family, or household purposes; and

(b) About whom the licensee has nonpublic personal information.

(2) "Consumer" includes:
(a) The legal representative of a consumer;

(b) An individual who provides nonpublic personal information to a licensee in connection with obtaining or seeking to obtain financial, investment, or economic advisory services relating to an insurance product or insurance service regardless of whether the licensee establishes an ongoing advisory relationship;

(c) An applicant for insurance before the inception of insurance coverage;

(d) If a licensee discloses nonpublic personal financial information about the individual to a nonaffiliated third party other than as permitted under Regulations .14, .15, and .16 of this chapter, an individual who is:
(i) A beneficiary of a life insurance policy underwritten by the licensee;

(ii) A claimant under an insurance policy issued by the licensee;

(iii) An insured or annuitant under an insurance policy or annuity issued by the licensee; or

(iv) A mortgagor under a mortgage insurance policy issued by the licensee;

(e) A participant or a beneficiary of an employee benefit plan that a licensee administers or sponsors or for which a licensee acts as a trustee, insurer, or fiduciary if the licensee:
(i) Does not provide the initial, annual, and revised notices under Regulations .05, .06, and .09 of this chapter to the plan sponsor; or

(ii) Discloses to a nonaffiliated third party nonpublic personal financial information other than as permitted under Regulations .14, .15, and .16 of this chapter;

(f) An individual who is covered under a group or blanket insurance policy or group annuity contract issued by the licensee if the licensee:
(i) Does not provide the initial, annual, and revised notices under Regulations .05, .06, and .09 of this chapter to the group or blanket insurance policyholder or group annuity contract holder; or

(ii) Discloses to a nonaffiliated third party nonpublic personal financial information other than as permitted under Regulations .14, .15, and .16 of this chapter; and

(g) An individual who is a beneficiary in a workers' compensation plan underwritten by the licensee if the licensee:
(i) Does not provide the initial, annual, and revised notices under Regulations .05, .06, and .09 of this chapter to the workers' compensation plan participant; or

(ii) Discloses to a nonaffiliated third party nonpublic personal financial information other than as permitted under Regulations .14, .15, and .16 of this chapter.

(3) "Consumer" does not include:
(a) An individual who is a consumer of another financial institution solely because the licensee is acting as an agent for, or provides processing or other services to, that financial institution;

(b) An individual solely because the individual is a beneficiary of a trust for which a licensee is a trustee;

(c) An individual solely because the individual has designated a licensee as trustee for a trust;

(d) An individual solely because the individual is a participant or a beneficiary of an employee benefit plan that a licensee administers or sponsors or for which a licensee acts as a trustee, insurer, or fiduciary if the licensee:
(i) Provides the initial, annual, and revised notices under Regulations .05, .06, and .09 of this chapter to the plan sponsor; and

(ii) Does not disclose to a nonaffiliated third party nonpublic personal financial information about the individual other than as permitted under Regulations .14, .15, and .16 of this chapter;

(e) An individual solely because the individual is covered under a group or blanket insurance policy or group annuity contract issued by a licensee if the licensee:
(i) Provides the initial, annual, and revised notices under Regulations .05, .06, and .09 of this chapter to the group or blanket insurance policyholder or group annuity contract holder; and

(ii) Does not disclose to a nonaffiliated third party nonpublic personal financial information about the individual other than as permitted under Regulations .14, .15, and .16 of this chapter; or

(f) An individual solely because the individual is a beneficiary in a workers' compensation plan underwritten by a licensee if the licensee:
(i) Provides the initial, annual, and revised notices under Regulations .05, .06, and .09 of this chapter to the workers' compensation plan participant; and

(ii) Does not disclose to a nonaffiliated third party nonpublic personal financial information about the individual other than as permitted under Regulations .14, .15, and .16 of this chapter.

Disclaimer: These regulations may not be the most recent version. Maryland may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.