Current through Register Vol. 46, No. 39, September 25, 2024
(a) Exceptions to opt out requirements. The
requirements for initial notice to consumers in section
420.4(a)(2) of
this Part, and the opt out provisions in sections 420.7 and
420.10 of this Part and their
application to service providers and joint marketing in as described in section
420.13 of this Part, do not apply
when a licensee discloses nonpublic personal financial information:
(1) with the consent or at the direction of
the consumer, provided that the consumer has not revoked the consent or
direction (see subdivision [b] of this section);
(2)
(i) to
protect the confidentiality or security of a licensee's records pertaining to
the consumer, service, product or transaction;
(ii) to protect against or prevent actual or
potential fraud or unauthorized transactions, claims, or other
liabilities;
(iii) for required
institutional risk control or for resolving consumer disputes or
inquiries;
(iv) to persons holding
a legal or beneficial interest relating to the consumer; or
(v) to persons acting in a fiduciary or
representative capacity on behalf of the consumer;
(3) to provide information to insurance rate
advisory organizations, guaranty funds or agencies, agencies that are rating a
licensee, persons that are assessing the licensee's compliance with industry
standards, and the licensee's attorneys, accountants, and auditors;
(4) to the extent specifically permitted or
required under other provisions of law and in accordance with the Federal Right
to Financial Privacy Act of 1978 (12 U.S.C.
3401 et seq.), to law enforcement agencies
(including the Federal Reserve Board, Office of the Comptroller of the
Currency, Federal Deposit Insurance Corporation, Office of Thrift Supervision,
National Credit Union Administration, the Securities and Exchange Commission,
the Secretary of the Treasury, with respect to 31 U.S.C. chapter 53, subchapter
II [records and reports on monetary instruments and transactions] and 12 U.S.C.
chapter 21 [financial recordkeeping], a State insurance or banking authority
and the Federal Trade Commission), self-regulatory organizations, or for an
investigation on a matter related to public safety;
(5)
(i) to
a consumer reporting agency in accordance with the Federal Fair Credit
Reporting Act (15 U.S.C.
1681 et seq.) and the New York Fair Credit
Reporting Act (General Business Law, article 25); or
(ii) from a consumer report reported by a
consumer reporting agency;
(6) in connection with a proposed or actual
sale, merger, transfer or exchange of all or a portion of a business or
operating unit if the disclosure of nonpublic personal financial information
concerns solely consumers of such business or unit;
(7)
(i) to
comply with Federal, State, or local laws, rules and other applicable legal
requirements;
(ii) to comply with a
properly authorized civil, criminal or regulatory investigation, or subpoena or
summons by Federal, State or local authorities; or
(iii) to respond to judicial process or
government regulatory authorities having jurisdiction over a licensee for
examination, compliance or other purposes as authorized by law; or
(8) for purposes related to the
replacement of a group benefit plan, a group health plan, a group welfare plan
or a workers' compensation plan.
(b) Example of revocation of consent. A
consumer may revoke consent by subsequently exercising the right to opt out of
future disclosures of nonpublic personal financial information as permitted
under section
420.7(f) of this
Part.