Idaho Admin. Code r. 18.01.01.202

Current through September 2, 2024
Section 18.01.01.202 - SATISFYING THE PRIVACY NOTICE INFORMATION REQUIREMENTS
01.Categories of Nonpublic Personal Financial Information That the Licensee Collects. A licensee satisfies the requirement to categorize the nonpublic personal financial information it collects if the licensee categorizes it according to the source of the information, as applicable:
a. Information from the consumer;
b. Information about the consumer's transactions with the licensee, its affiliates, or third parties;
c. Information from a consumer reporting agency.
02.Categories of Nonpublic Personal Financial Information a Licensee Discloses.
a. A licensee satisfies the requirement to categorize nonpublic personal financial information it discloses if the licensee categorizes it according to the source, as described in Subsection 202.01 of this rule, and provides a few examples to illustrate the types of information in each category.
b. If a licensee reserves the right to disclose all of the nonpublic personal financial information about consumers that it collects, the licensee may simply state that fact without describing the categories or examples of nonpublic personal information the licensee discloses.
03.Categories of Affiliates and Nonaffiliated Third Parties to Whom the Licensee Discloses. A licensee satisfies the requirement to categorize the third parties to which the licensee discloses nonpublic personal financial information about consumers if the licensee identifies the types of businesses in which they engage. Types of businesses may be described by general terms only if the licensee uses a few illustrative examples of significant lines of business.
04.Disclosures Under Exception for Service Providers and Joint Marketers. If a licensee discloses nonpublic personal financial information under the exception in Section 450 to a nonaffiliated third party to market products or services it offers alone or jointly with another financial institution, the licensee satisfies the disclosure requirement of Subsection 200.04 of this rule if it:
a. Lists the categories of nonpublic personal financial information it discloses, using the same categories and examples the licensee used to meet the requirements of Subsection 200.01 of this rule; and
b. States whether the third party is:
i. A service provider that performs marketing services on the licensee's behalf or on behalf of the licensee and another financial institution; or
ii. A financial institution with whom the licensee has a joint marketing agreement.
05.Simplified Notices. If a licensee does not disclose and does not wish to reserve the right to disclose nonpublic personal financial information about customers or former customers to third parties except as authorized under Sections 451 and 452, the licensee may simply state that fact, in addition to the information it provides under Subsections 200.01, 200.07, and Section 201 of this rule.
06.Confidentiality and Security. A licensee describes its policies and practices with respect to protecting the confidentiality and security of nonpublic personal financial information if it does both of the following:
a. Describes in general terms who is authorized to have access to the information; and
b. States whether the licensee has security practices and procedures in place to ensure the confidentiality of the information in accordance with the licensee's policy.

Idaho Admin. Code r. 18.01.01.202

Effective March 31, 2022