Cal. Code Regs. Tit. 10, § 2689.7 - Information To Be Included in Privacy Notices

Current through Register 2021 Notice Reg. No. 52, December 24, 2021

(a) The initial, annual and revised privacy notices that a licensee provides under Sections 2689.5, 2689.6, and 2689.9 shall, at a minimum, include each of the following that applies to the licensee and to the consumers to whom the licensee sends its privacy notice:

(1) The categories of nonpublic personal information that the licensee collects;

(2) The categories of nonpublic personal information that the licensee discloses;

(3) The categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal information, and the general types of businesses in which the third parties engage if the information is disclosed pursuant to California Insurance Code Section 791.13(k);

(4) The categories of nonpublic personal information about the licensee's former customers that the licensee discloses and the categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal information about the licensee's former customers, if the information is disclosed pursuant to California Insurance Code Section 791.13(k);

(5) If a licensee wishes to disclose or reserve the right to disclose nonpublic personal financial information to an affiliate for marketing purposes without affirmative authorization or the right to opt out of that disclosure, a statement explaining that the licensee may disclose nonpublic personal financial information to affiliates for marketing purposes without obtaining prior authorization and the law does not allow customers to restrict that disclosure.

(6) An explanation of the consumer's right to opt out of the disclosure of nonpublic personal financial information to nonaffiliated third parties, including the methods by which the consumer may exercise that right at that time;

(7) Any disclosures that the licensee makes under Section603(d)(2)(A)(iii) of the federal Fair Credit Reporting Act ( 15 U.S.C. 1681 a(d)(2)(A)(iii) ) regarding the ability to opt out of disclosures of information among affiliates;

(8) The licensee's policies and practices with respect to protecting the confidentiality and security of nonpublic personal information, including a general description as to who is authorized to have access to the information;

(9) If applicable, a statement that the consumer has the right to access and request correction of recorded nonpublic personal information and a brief description of the manner in which those rights may be exercised; and

(10) The categories of disclosures that the licensee makes under California Insurance Code Section 791.13.

(11) If applicable, the statement required by California Insurance Code Section 791.04(b)(5).

(12) A licensee does not adequately categorize the information that it discloses if the licensee uses only general terms, such as transaction information about the consumer.

(b) If prior authorization is not required and a licensee reserves the right to disclose all of the nonpublic personal information about consumers that it collects, the licensee may simply state that fact without describing the categories or examples of nonpublic personal information that the licensee discloses.

(c) An abbreviated notice, as provided for in California Insurance Code Section 791.04(c), shall comply with California Insurance Code Section 791.04(c) and:

(1) Be clear and conspicuous;

(2) Describe a reasonable means by which the consumer may obtain the notice prescribed by California Insurance Code Section 791.04(b), such as calling a toll-free telephone number to request the notice. If the consumer is provided the abbreviated notice in person at the licensee's office, the abbreviated notice may state that the licensee maintains copies of the notice on hand which will be provided to the consumer immediately upon request; and

(3) If applicable, contain an opt-out notice complying with these regulations.

This section does not prohibit the use of multiple links on a website to different categories or levels of information, as long as they are designed to facilitate rather than impede access.

Notes

Cal. Code Regs. Tit. 10, § 2689.7

Note: Authority cited: Sections 791- 791.27, Insurance Code; and 15 U.S.C. Sections 6801, 6805 and 6807. Reference: Sections 791.04, 791.05,791.06 and 791.13, Insurance Code.

1. New section filed 11-22-2002; operative 3-24-2003 (Register 2002, No. 47).