Utah Admin. Code R590-206-17 - Other Exceptions to Notice and Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information
Current through Bulletin 2021-24, December 15, 2021
The following state regulations pages link to this page.
State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.
(1) Exceptions to opt out requirements. The requirements for initial notice to consumers in Subsection R590-206-5(1)(b), the opt out in Sections 8 and 12, and service providers and joint marketing in Section 15 do not apply when a licensee discloses nonpublic personal financial information:
(a) With the consent or at the direction of the consumer, provided that the consumer has not revoked the consent or direction;
(b)(i) To protect the confidentiality or security of a licensee's records pertaining to the consumer, service, product or transaction;
(ii) To protect against or prevent actual or potential fraud or unauthorized transactions;
(iii) For required institutional risk control or for resolving consumer disputes or inquiries;
(iv) To persons holding a legal or beneficial interest relating to the consumer; or
(v) To persons acting in a fiduciary or representative capacity on behalf of the consumer;
(c) To provide information to insurance rate advisory organizations, guaranty funds or agencies, agencies that are rating a licensee, persons that are assessing the licensee's compliance with industry standards, and the licensee's attorneys, accountants and auditors;
(d) To the extent specifically permitted or required under other provisions of law and in accordance with the federal Right to Financial Privacy Act of 1978 (12 U.S.C. 3401 et seq.), to law enforcement agencies (including the Federal Reserve Board, Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, Office of Thrift Supervision, National Credit Union Administration, the Securities and Exchange Commission, the Secretary of the Treasury, with respect to 31 U.S.C. Chapter 53, Subchapter II (Records and Reports on Monetary Instruments and Transactions) and 12 U.S.C. Chapter 21, Financial Record keeping, a state insurance authority, and the Federal Trade Commission), self-regulatory organizations or for an investigation on a matter related to public safety;
(e)(i) To a consumer reporting agency in accordance with the federal Fair Credit Reporting Act (15 U.S.C. 1681 et seq.); or
(ii) From a consumer report reported by a consumer reporting agency;
(f) In connection with a proposed or actual sale, merger, transfer or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal financial information concerns solely consumers of the business or unit;
(g)(i) To comply with federal, state or local laws, rules and other applicable legal requirements;
(ii) To comply with a properly authorized civil, criminal or regulatory investigation, or subpoena or summons by federal, state or local authorities;
(iii) To respond to judicial process or government regulatory authorities having jurisdiction over a licensee for examination, compliance or other purposes as authorized by law; or
(h) For purposes related to the replacement of a group benefit plan, a group health plan, a group welfare plan or a workers' compensation policy.
(2) A licensed or admitted insurer that is the subject of a formal delinquency proceeding under Sections 31A-27a-207, 31A-27a-301 and 31A-27a-401, is not subject to the requirements of R590-206-5(1)(b), the opt out in Sections (8) and (12), and other notice requirements of this rule.
(3) Example of revocation of consent. A consumer may revoke consent by subsequently exercising the right to opt out of future disclosures of nonpublic personal information as permitted under Subsection R590-206-8(6).