New York Codes, Rules and Regulations
Title 11 - INSURANCE
Chapter XIX - Privacy Of Consumer Financial and health Information
Part 420 - Privacy Of Consumer Financial And Health Information
General Provisions
Section 420.3 - Definitions

Current through Register Vol. 46, No. 39, September 25, 2024

As used in this Part, unless the context requires otherwise:

(a) Affiliate means any company that controls, is controlled by, or is under common control with another company.

(b)

(1) Clear and conspicuous means that a notice is reasonably understandable and designed to call attention to the nature and significance of the information in the notice.

(2) Examples.
(i) Reasonably understandable. A licensee makes its notice reasonably understandable if it:
(a) presents the information contained in the notice in clear, concise sentences, paragraphs and sections;

(b) uses short explanatory sentences or bullet lists whenever possible;

(c) uses definite, concrete, everyday words and active voice whenever possible;

(d) avoids multiple negatives;

(e) avoids legal and highly technical business terminology whenever possible; and

(f) avoids explanations that are imprecise and readily subject to different interpretations.

(ii) Designed to call attention. A licensee designs its notice to call attention to the nature and significance of the information in it if the licensee:
(a) uses a plain-language heading to call attention to the notice;

(b) uses a typeface and type size that are easy to read;

(c) provides wide margins and ample line spacing;

(d) uses boldface or italics for key words; and

(e) in a form that combines the licensee's notice with other information, uses distinctive type size, style, and graphic devices, such as shading or sidebars.

(iii) Notices on web sites. If a licensee provides a notice on a web page, the licensee designs its notice to call attention to the nature and significance of the information in it if the licensee uses text or visual cues to encourage scrolling down the page if necessary to view the entire notice and ensure that other elements on the web site (such as text, graphics, hyperlinks, or sound) do not distract attention from the notice, and the licensee either:
(a) places the notice on a web page that consumers frequently access, such as a homepage or a page on which transactions are conducted; or

(b) places a link on a web page that consumers frequently access, such as a homepage or a page on which transactions are conducted, that connects directly to the notice and is labeled appropriately to convey the importance, nature, and relevance of the notice.

(c) Collect means to obtain information that the licensee organizes or can retrieve by the name of an individual or by identifying number, symbol or other identifying particular assigned to the individual, irrespective of the source of the underlying information.

(d) Company means a corporation, limited liability company, business trust, general or limited partnership, association, sole proprietorship or similar organization.

(e)

(1) Consumer means an individual who, in this State, seeks to obtain, obtains or has obtained an insurance product or service, directly or through a legal representative, from a licensee that is to be used primarily for personal, family, or household purposes, and about whom the licensee has nonpublic personal information.

(2) Examples.
(i) An individual who provides nonpublic personal information to a licensee in connection with seeking to obtain or obtaining financial, investment or economic advisory services in this State relating to an insurance product or service is a consumer regardless of whether the licensee establishes an ongoing advisory relationship.

(ii) An applicant for insurance prior to the inception of insurance coverage is a licensee's consumer.

(iii) An individual who is a consumer of another financial institution is not a licensee's consumer solely because the licensee is acting as agent for, or provides processing or other services to, that financial institution.

(iv) An individual is a licensee's consumer if:
(a)
(1) the individual is a beneficiary of a life insurance policy underwritten by the licensee;

(2) the individual is a claimant under an insurance policy issued by the licensee;

(3) the individual is an insured or an annuitant under an insurance policy or annuity, respectively, issued by the licensee; or

(4) the individual is a mortgagor of a mortgage covered under a mortgage insurance policy issued by the licensee; and

(b) the licensee discloses nonpublic personal financial information about the individual to a nonaffiliated third party other than as permitted under section 420.13, 420.14 or 420.15 of this Part.

(v) Provided that the licensee provides the initial, annual and revised notices under sections 420.4, 420.5 and 420.8 of this Part to the plan sponsor, workers' compensation plan participant, group or blanket insurance policyholder or group annuity contract holder, and further provided that the licensee does not disclose to a nonaffiliated third party nonpublic personal financial information about such an individual other than as permitted under section 420.13, 420.14 or 420.15 of this Part, an individual is not the licensee's consumer solely because he or she is:
(a) a participant or a beneficiary of an employee benefit plan that the licensee administers or sponsors or for which the licensee acts as a trustee, insurer or fiduciary;

(b) covered under a group or blanket insurance or group annuity contract issued by the licensee; or

(c) a beneficiary in a workers' compensation plan.

(vi)
(a) The individuals described in clauses (v)(a), (b) and (c) of this paragraph are consumers of a licensee if the licensee does not meet all the conditions of subparagraph (v) of this paragraph.

(b) In no event shall the individuals, solely by virtue of the status described in clause (v)(a), (b) or (c) of this paragraph, be deemed to be customers for purposes of this Part.

(vii) An individual is not a licensee's consumer solely because he or she is a beneficiary of a trust for which the licensee is a trustee.

(viii) An individual is not a licensee's consumer solely because he or she has designated the licensee as trustee for a trust.

(f) Consumer reporting agency has the same meaning as in section 603(f) of the Federal Fair Credit Reporting Act (15 U.S.C. 1681a [f]) and section 380-a(e) of the New York Fair Credit Reporting Act (General Business Law, article 25).

(g) Control means:

(1) ownership, control or power to vote 25 percent or more of the outstanding shares of any class of voting security of the company, directly or indirectly, or acting through one or more other persons;

(2) control in any manner over the election of a majority of the directors, trustees or general partners (or individuals exercising similar functions) of the company; or

(3) the power to exercise, directly or indirectly, a controlling influence over the management or policies of the company, as the superintendent determines.

(h) Customer means a consumer who has a customer relationship with a licensee.

(i)

(1) Customer relationship means a continuing relationship between a consumer and a licensee under which the licensee provides one or more insurance products or services in this State to the consumer that are to be used primarily for personal, family, or household purposes.

(2) Examples.
(i) Continuing relationship. A consumer has a continuing relationship with a licensee if:
(a) the consumer is a current policyholder of an insurance product issued by or through the licensee; or

(b) the consumer obtains financial, investment or economic advisory services relating to an insurance product or service from the licensee for a fee.

(ii) No continuing relationship. A consumer does not have a continuing relationship with a licensee if:
(a) the consumer applies for insurance but does not purchase the insurance;

(b) the licensee sells the consumer airline travel insurance in an isolated transaction;

(c) the individual is no longer a current policyholder of an insurance product or no longer obtains insurance services with or through the licensee;

(d) the consumer is a beneficiary or claimant under a policy;

(e) the customer's policy is lapsed, expired, or otherwise inactive or dormant under the licensee's business practices, and the licensee has not communicated with the customer about the relationship for a period of 12 consecutive months, other than annual privacy notices, material required by law or regulation, communication at the direction of a State or Federal authority, or promotional materials; or

(f) the individual is an insured or an annuitant under an insurance policy or annuity, respectively, but is not the policyholder or owner of the insurance policy or annuity.

(j)

(1) Financial institution means any institution the business of which is engaging in activities that are financial in nature or incidental to such financial activities as described in section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843 [k]).

(2) Financial institution does not include:
(i) any person or entity with respect to any financial activity that is subject to the jurisdiction of the Commodity Futures Trading Commission under the Commodity Exchange Act (7 U.S.C. 1 et seq.);

(ii) the Federal Agricultural Mortgage Corporation or any entity charged and operating under the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.); or

(iii) institutions chartered by Congress specifically to engage in securitizations, secondary market sales (including sales of servicing rights) or similar transactions related to a transaction of a consumer, as long as the institutions do not sell or transfer nonpublic personal information to a nonaffiliated third party.

(k)

(1) Financial product or service means any product or service that a financial holding company could offer by engaging in an activity that is financial in nature or incidental to such a financial activity under section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843 [k]).

(2) Financial service includes a financial institution's evaluation or brokerage of information that the financial institution collects in connection with a request or an application from a consumer for a financial product or service.

(l) Health care means:

(1) preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, services, procedures, tests or counseling that:
(i) relates to the physical, mental or behavioral condition of an individual; or

(ii) affects the structure or function of the human body or any part of the human body, including the banking of blood, sperm, organs, or any other tissue; or

(2) prescribing, dispensing, or furnishing to an individual drugs or biologicals, or medical devices or health care equipment and supplies.

(m) Health care provider means a physician or other health care practitioner licensed, accredited or certified to perform specified health services consistent with State law, or a health care facility.

(n) Health information means any information or data except age or gender, whether oral or recorded in any form or medium, created by or derived from a health care provider or the consumer that relates to:

(1) the past, present or future physical, mental or behavioral health or condition of any individual or a member of the individual's family;

(2) the provision of health care to any individual; or

(3) payment for the provision of health care to any individual.

(o)

(1) Insurance product or service means any product or service that is offered by a licensee pursuant to the insurance laws of this State.

(2) Insurance service includes a licensee's evaluation, brokerage or distribution of information that the licensee collects in connection with a request or an application from a consumer for an insurance product or service.

(p)

(1) Licensee means a person licensed, or required to be licensed, or authorized, or required to be authorized, or registered, or required to be registered pursuant to the Insurance Law of this State; a health maintenance organization holding, or required to hold, a certificate of authority pursuant to article 44 of the Public Health Law; or an unauthorized insurer in regard to the excess line business conducted pursuant to section 2118 of the Insurance Law and Part 27 of this Title (Regulation 41); but shall not include a registered service contract provider, charitable annuity society, or a licensed viatical settlement company or viatical settlement broker.

(2)
(i) A licensee is not subject to the notice and opt out requirements for nonpublic personal financial information set forth in sections 420.4 through 420.9 of this Part if the licensee is an employee, agent, sublicensee, or other representative of another licensee (the principal) and:
(a) the principal otherwise complies with, and provides the notices required by, the provisions of this Part; and

(b) the licensee does not disclose any nonpublic personal information of a consumer or customer to any person other than the principal from or through which such consumer or customer seeks to obtain or has obtained a product or service, or its affiliates in a manner permitted by this Part.

(ii) Examples of employee, agent or other representative of a principal:
(a) an insurance broker, public adjuster or other licensee who is employed by another insurance broker, public adjuster or other licensee;

(b) an independent adjuster adjusting a claim or benefit on behalf of an insurer;

(c) an insurance agent of an insurer;

(d) an insurance broker that has binding authority for an insurer; or

(e) a sublicensee of a licensee, whether or not the sublicensee is licensed in any other capacity.

(3) An excess line broker or unauthorized insurer shall be deemed to be in compliance with the notice and opt out requirements for nonpublic personal financial information set forth in sections 420.4 through 420.9 of this Part provided:
(i) the broker or insurer does not disclose nonpublic personal information of a consumer or a customer to nonaffiliated third parties for any purpose, including joint servicing or marketing under section 420.13 of this Part, except as permitted by sections 420.14 and 420.15 of this Part; and

(ii) the broker or insurer delivers a notice to the consumer at the time a customer relationship is established on which the following clear and conspicuous notice is set forth:

PRIVACY NOTICE

"NEITHER THE U.S. BROKER(S) THAT HANDLED THIS INSURANCE NOR THE INSURER(S) THAT HAS (HAVE) UNDERWRITTEN THIS INSURANCE WILL DISCLOSE NONPUBLIC PERSONAL INFORMATION CONCERNING THE BUYER TO NONAFFILIATES OF THE BROKER(S) OR THE INSURER(S) EXCEPT AS PERMITTED BY LAW."

(q)

(1) Nonaffiliated third party means any person except:
(i) a licensee's affiliate; or

(ii) a person employed jointly by a licensee and any company that is not the licensee's affiliate (but nonaffiliated third party includes the other company that jointly employs the person).

(2) Nonaffiliated third party includes any company that is an affiliate solely by virtue of the licensee's or its affiliate's direct or indirect ownership or control of the company in conducting:
(i) merchant banking or investment banking activities of the type described in section 4(k)(4)(H) of the Federal Bank Holding Company Act of 1956 (12 U.S.C. 1843 [k][4][H]); or

(ii) insurance company investment activities of the type described in section 4(k)(4)(I) of the Federal Bank Holding Company Act of 1956 (12 U.S.C. 1843 [k][4][I]).

(r) Nonpublic personal information means nonpublic personal financial information and nonpublic personal health information.

(s)

(1) Nonpublic personal financial information means:
(i) personally identifiable financial information; and

(ii) any list, description or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information other than publicly available information.

(2) Nonpublic personal financial information does not include:
(i) health information;

(ii) publicly available information, except as included on a list described in subparagraph (1)(ii) of this subdivision; or

(iii) any list, description or other grouping of consumers (and publicly available information pertaining to them) that is derived without using any personally identifiable financial information other than publicly available information.

(3) Examples of lists.
(i) Nonpublic personal financial information includes any list of individuals' names and street addresses that is derived in whole or in part using personally identifiable financial information other than publicly available information, such as account numbers.

(ii) Nonpublic personal financial information does not include any list of individuals' names and addresses that contains only publicly available information, is not derived in whole or in part using personally identifiable financial information other than publicly available information, and is not disclosed in a manner that indicates that any of the individuals on the list is a consumer of a financial institution.

(t) Nonpublic personal health information means health information:

(1) that identifies an individual who is the subject of the information; or

(2) with respect to which there is a reasonable basis to believe that the information could be used to identify an individual.

(u)

(1) Personally identifiable financial information means any information:
(i) a consumer provides to a licensee to obtain an insurance product or service from the licensee;

(ii) about a consumer resulting from a transaction involving an insurance product or service between a licensee and a consumer; or

(iii) a licensee otherwise obtains about a consumer in connection with providing an insurance product or service to that consumer.

(2) Examples.
(i) Information included. Personally identifiable financial information includes:
(a) information a consumer provides to a licensee on an application to obtain an insurance product or service;

(b) account balance information and payment history;

(c) the fact that an individual is or has been one of the licensee's customers or has obtained an insurance product or service from the licensee;

(d) any information about a licensee's consumer if it is disclosed in a manner that indicates that the individual is or has been the licensee's consumer;

(e) any information that a consumer provides to the licensee or that the licensee or its agent otherwise obtains in connection with collecting on a policy loan or servicing a policy loan;

(f) any information the licensee collects through an Internet "cookie" (an information collecting device from a web server) to the extent that such information constitutes personally identifiable information; and

(g) information from a consumer report.

(ii) Information not included. Personally identifiable financial information does not include:
(a) health information;

(b) a list of names and addresses of customers of an entity that is not a financial institution; and

(c) information that does not identify a consumer, such as aggregate information or blind data that does not contain personal identifiers such as account numbers, names or addresses.

(v)

(1) Publicly available information means any information that a licensee has a reasonable basis to believe is lawfully made available to the general public from:
(i) Federal, State or local government records;

(ii) widely distributed media; or

(iii) disclosures to the general public that are required to be made by Federal, State or local law.

(2) Reasonable basis. A licensee has a reasonable basis to believe that information is lawfully made available to the general public if the licensee has taken steps to determine:
(i) that the information is of the type that is available to the general public; and

(ii) whether an individual can direct that the information not be made available to the general public and, if so, that the licensee's consumer has not done so.

(3) Examples.
(i) Government records. Publicly available information in government records includes information in Department of Motor Vehicles records that are made available to the public (even if such access requires the payment of a fee), government real estate records and security interest filings.

(ii) Widely distributed media. Publicly available information from widely distributed media includes information from a telephone book, a television or radio program, a newspaper or a web site that is available to the general public on an unrestricted basis. A web site is not restricted merely because an Internet service provider or a site operator requires a fee or a password, so long as access is available to the general public.

(iii) Reasonable basis.
(a) A licensee has a reasonable basis to believe that motor vehicle or mortgage information is lawfully made available to the general public if the licensee has determined that the information is of the type made available to the public as part of the public record.

(b) The licensee has a reasonable basis to believe that an individual's telephone number is lawfully made available to the general public if the licensee has located the telephone number in the telephone book or the consumer has informed the licensee that the telephone number is not unlisted.

Disclaimer: These regulations may not be the most recent version. New York may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.