(1) The opt-out
requirements in rules
191-90.6 (505) and
191-90.9 (505) do not apply when
a
licensee provides
nonpublic personal financial information to a
nonaffiliated
third party to perform services for the
licensee or functions for the
licensee
on the
licensee's behalf, if the
licensee does the following:
a. Provides the initial notice in accordance
with rule
191-90.3 (505); and
b.
Enters into a contractual agreement with the third party that prohibits the
third party from disclosing or using the information other than to carry out
the purposes for which the
licensee disclosed the information, including use
under an exception in rules
191-90.13 (505) and
191-90.14 (505) in the ordinary
course of business to carry out those purposes.
For example, if a licensee discloses nonpublic personal
financial information under this rule to a financial institution with which the
licensee performs joint marketing, the licensee's contractual agreement with
that institution meets the requirements of paragraph"b" of
this subrule if it prohibits the institution from disclosing or using the
nonpublic personal financial information except as necessary to carry out the
joint marketing or under an exception in rules
191-90.13 (505) and
191-90.14 (505) in the ordinary
course of business to carry out that joint marketing.
(2) The services a
nonaffiliated third party performs for a licensee under subrule 90.12(1) may
include marketing of the licensee's own products or services or marketing of
financial products or services offered pursuant to joint agreements between the
licensee and one or more financial institutions.
(3) For purposes of this rule, "joint
agreement" means a written contract pursuant to which a licensee and one or
more financial institutions jointly offer, endorse or sponsor a financial
product or service.
Notes
Iowa Admin. Code r. 191-90.12
Adopted by
IAB
March 20, 2024/Volume XLVI, Number 19, effective
4/24/2024
