3 Colo. Code Regs. § 702-6-4-2-4

Current through Register Vol. 45, No. 22, November 25, 2022
Section 3 CCR 702-6-4-2-4 - Definitions
A. "Customer" means, for the purpose of this regulation, a consumer who has a customer relationship with a licensee.
B. "Customer information" means, for the purpose of this regulation, nonpublic personal financial information and nonpublic personal health information about a customer, whether in paper, electronic or other form, that is maintained by or on behalf of the licensee.
C. "Customer information systems" means, for the purpose of this regulation, the electronic or physical methods used to access, collect, store, use, transmit, protect or dispose of customer information.
D. "Health information" means, for the purpose of this regulation, any information or data except age or gender, whether oral or recorded in any form or medium, created by or derived from a health care provider or the consumer that relates to:
1. The past, present or future physical, mental or behavioral health or condition of an individual;
2. The provision of health care to an individual; or
3. Payment for the provision of health care to an individual.
E. "Licensee" means, for the purpose of this regulation, all licensed insurers, producers and other persons licensed or required to be licensed, or authorized or required to be authorized pursuant to the insurance laws of Colorado, except that "licensee" shall not include: a purchasing group or a nonadmitted insurer in regard to the surplus lines business conducted pursuant to Title 10, Article 5, C.R.S.
F. "Nonpublic personal financial information" means, for the purpose of this regulation:
1. Personally identifiable financial information; and
2. Any list, description or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information that is not publicly available.
3. Nonpublic personal financial information does not include:
a. Health information;
b. Publicly available information
c. Any list, description or other grouping of consumers (and publicly available information pertaining to them) that is derived without using any personally identifiable financial information that is not publicly available.
4. Examples of lists.
a. Nonpublic personal financial information includes any list of individuals' names and street addresses that is derived in whole or in part using personally identifiable financial information that is not publicly available, such as account numbers.
b. Nonpublic personal financial information does not include any list of individuals' names and addresses that contains only publicly available information, is not derived in whole or in part using personally identifiable financial information that is not publicly available, and is not disclosed in a manner that indicates that any of the individuals on the list is a consumer of a financial institution.
G. "Nonpublic personal health information" means, for the purpose of this regulation, health information:
1. That identifies an individual who is the subject of the information; or
2. With respect to which there is a reasonable basis to believe that the information could be used to identify an individual.
H. "Service provider" means, for the purpose of this regulation, a person that maintains, processes or otherwise is permitted access to customer information through its provision of services directly to the licensee.

3 CCR 702-6-4-2-4

40 CR 24, December 25, 2017, effective 1/14/2018