New York Codes, Rules and Regulations
Title 11 - INSURANCE
Chapter XIX - Privacy Of Consumer Financial and health Information
Part 420 - Privacy Of Consumer Financial And Health Information
General Provisions
Section 420.0 - Preamble
Current through Register Vol. 46, No. 39, September 25, 2024
(a) Title V of the Gramm-Leach-Bliley Act (GLBA) (15 U.S.C. 6801, et seq.) requires financial institutions, including insurers, to protect the privacy of consumers and customers. Title V of GLBA requires that State insurance authorities establish appropriate consumer privacy standards for insurance providers.
(b) Section 505(c) (15 U.S.C. section 6805 [c]) of GLBA provides: "If a State insurance authority fails to adopt regulations to carry out this subtitle, such State shall not be eligible to override, pursuant to section 47(g)(2)(B)(iii) of the Federal Deposit Insurance Act (12 U.S.C. 1831 x), the insurance customer protections prescribed by a Federal banking agency under section 45(a) of such Act."
(c) Sections 502 and 503 of GLBA (15 U.S.C. sections 6802 and 6803) list specific protections that regulators shall implement. These include requirements that financial institutions maintain a privacy policy that is clearly communicated to consumers and customers, that no nonpublic personal financial information be disclosed to nonaffiliated third parties unless a consumer has been given a chance to "opt out" of having his or her information disclosed, and that no specific account information be given to direct marketing firms. The act also provides numerous exceptions to specific consumer protections.
(d) This Part provides that a licensee subject to the supervision of the Superintendent of Insurance who, in the conduct of the business of insurance in this State, violates the provisions of this Part shall be deemed to have engaged in an unfair method of competition or an unfair or deceptive act and practice in the conduct of the business of insurance in this State. Such act shall be deemed to be a trade practice constituting a determined violation, as defined in section 2402 (c) of the Insurance Law, in violation of section 2403 of such law.
(e) In addition to the foregoing, the Superintendent of Insurance possesses the authority pursuant to sections 201 and 301 of the Insurance Law to promulgate a regulation to delineate the responsibility of an Insurance Department licensee regarding the privacy of consumer and customer financial and health information which the licensee receives. Such authority is an exercise of the superintendent's power to promulgate regulations to effectuate any power given to the superintendent under the Insurance Law, including the provisions regarding transactions within a holding company system affecting controlled insurers (section 1505); relations and transactions between parent and subsidiary companies for life and property/casualty insurers (sections 1608 and 1712); minimum standards in the form, content, and sale of accident and health insurance policies and contracts (section 3217); and, as noted above, unfair methods of competition or unfair or deceptive acts and practices (article 24).