Cal. Code Regs. Tit. 10, § 2689.8 - Form of Opt Out Notice and Opt Out Methods

Current through Register 2021 Notice Reg. No. 52, December 24, 2021

(a) If a licensee is required to provide an opportunity to opt-out before it shares any nonpublic personal financial information with a nonaffiliated third party, it shall provide a clear and conspicuous notice to the consumer, that clearly states in 16-point boldface type "IMPORTANT PRIVACY CHOICES", or similarly highlights the purpose of the notice, so that the consumer may make a decision and provide direction to the licensee regarding the sharing of the consumer's nonpublic personal financial information.

If a licensee provides the opt out notice later than the initial notice, the licensee shall also include, with the opt-out notice, a copy of the initial notice in writing or, if the consumer agrees, electronically.

The notice shall state that the licensee discloses or reserves the right to disclose nonpublic personal financial information about its consumers to nonaffiliated third parties, that the consumer has the right to opt out of that disclosure, and set forth reasonable means by which the consumer may exercise the opt out right.

A licensee provides adequate notice that the consumer can prevent the disclosure of nonpublic personal financial information to a nonaffiliated third party if the licensee (1) identifies all of the categories of nonpublic personal financial information which it discloses or reserves the right to disclose, (2) all of the categories of nonaffiliated third parties to which it discloses the information, (3) states that the consumer can prevent the disclosure of that information, and identifies the insurance products or services that the consumer obtains from the licensee to which the opt out direction would apply.

A licensee provides a reasonable means to exercise an opt out right if it designates check-off boxes in a prominent position on the relevant forms with the opt out notice; includes a reply form together with the opt-out notice; provides an electronic means to opt out, such as a form that can be sent via electronic mail or a process at the licensee's web site, if the consumer agrees to the electronic delivery of information. Unless the consumer agrees to an electronic opt-out method, the licensee shall provide a self-addressed postage prepaid return envelope or a toll-free telephone number that consumers may use to opt out.

A licensee does not provide a reasonable means of opting out if, for example, the only means of opting out is for the consumer to write the consumer's own letter to exercise that opt out right, or the only means of opting out as described in any notice subsequent to the initial notice is to use a check-off box that the licensee provided with the initial notice but did not include with the subsequent notice.

(b) If a licensee mails the opt-out notice with information that is not a bill or renewal offer, the opt-out notice shall be the first page of the mailing.
(c) A licensee is not subject to the notice and opt out requirements for nonpublic personal financial information if the licensee is an employee or agent of another licensee ("the principal") and:
(1) The principal otherwise complies with, and provides the required notices; and
(2) The licensee does not disclose any nonpublic personal financial information to any person other than the principal or its affiliates in a manner permitted by California Insurance Code Sections 791- 791.27 or these regulations.

For purposes of these regulations, "agent" is defined in California Insurance Code Section 791.02(c) to include any person licensed pursuant to Chapters 5, 5A, 6, 7, or 8 and thus includes an insurance broker.

(d) When a consumer has declined to exercise the right to opt out in accordance with this section, the nonpublic personal financial information disclosed:
(1) May not exceed the scope of disclosure stated in the licensee's opt-out notice;
(2) May not include account number, or policy number information; and
(3) Shall comply with California Insurance Code Section 791.13(k)(1).
(e) If two or more consumers jointly obtain an insurance product or service from a licensee, the licensee may provide a single opt out notice, as long as the licensee gives clear and conspicuous notice that the notice is being provided on a joint basis and the consumers have given the licensee a single address of record or the licensee has other reasonable basis to believe that the notice will be adequately communicated to each individual entitled to receive notice.

The licensee's opt out notice shall explain how the licensee will treat an opt out direction by a joint consumer. Any of the joint consumers may exercise the right to opt out. The licensee may either treat an opt out direction by a joint consumer as applying to all of the associated joint consumers or permit each joint consumer to opt out separately. If a licensee permits each joint consumer to opt out separately, the licensee shall permit one of the joint consumers to opt out on behalf of all of the joint consumers. A licensee may not require all joint consumers to opt out before it implements any opt out direction. If one joint policyholder opts out and the other does not, the licensee may only disclose nonpublic personal financial information about the policyholder who did not opt out and may not disclose information relating to the policyholders jointly.

(f) A consumer may exercise the right to opt out at any time. A licensee may share marketing information with nonaffiliated third parties if a consumer does not respond within 30 days. A licensee shall not share information for marketing purposes before the conclusion of the 30-day time period. If a consumer provides an opt-out direction after the licensee has begun sharing nonpublic personal financial information, the licensee shall comply with the opt-out direction no later than 30 days after the licensee receives the opt out direction.
(g) A consumer's direction to opt out under this section is effective until the consumer revokes it in writing or electronically, at the consumer's choice.

When a customer relationship terminates, the customer's opt out direction continues to apply to the nonpublic personal financial information that the licensee collected during or related to that relationship. If the individual subsequently establishes a new customer relationship with the licensee, the opt out direction that applied to the former relationship does not apply to the new relationship.

(h) Any authorized representative may opt out on behalf of the consumer. A licensee receiving notice that a consumer has opted out shall not require proof of authorization unless it has a reasonable basis for believing that the person submitting the opt-out direction was acting contrary to the wishes of the consumer.

Notes

Cal. Code Regs. Tit. 10, § 2689.8

Note: Authority cited: Sections 791- 791.27, Insurance Code; and 15 U.S.C. Sections 6801, 6805 and 6807. Reference: Section 791.13. Insurance Code; Section 4056.5, Financial Code; and 15 U.S.C. Section 6802.

1. New section filed 11-22-2002; operative 3-24-2003 (Register 2002, No. 47).
2. Change without regulatory effect amending subsection (c)(2), repealing subsection (c)(3) and amending Note filed 11-4-2010 pursuant to section 100, title 1, California Code of Regulations (Register 2010, No. 45).
3. Change without regulatory effect amending subsection (a) filed 7-14-2021 pursuant to section 100, title 1, California Code of Regulations (Register 2021, No. 29). Filing deadline specified in Government Code section 11349.3(a) extended 60 calendar days pursuant to Executive Order N-40-20.

The following state regulations pages link to this page.



State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.