Statutes, codes, and regulations
Iowa Administrative Code
Agency 191 - INSURANCE DIVISIONINSURANCE COVERAGE FOR PEDIATRIC PREVENTIVE SERVICES
Chapter 90 - FINANCIAL AND HEALTH INFORMATION REGULATION
Rule 191-90.9 - Limits on disclosure of nonpublic personal financial information to nonaffiliated third parties

Iowa Admin. Code r. 191-90.9

Download
PDF
Current through Register Vol. 46, No. 21, April 17, 2024
Rule 191-90.9 - Limits on disclosure of nonpublic personal financial information to nonaffiliated third parties
(1) A licensee may not directly or through any affiliate disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party except as otherwise authorized in these rules unless the following occur:
a. The licensee has provided to the consumer an initial notice as required under rule 191-90.3 (505);
b. The licensee has provided to the consumer an opt-out notice as required in rule 191-90.6 (505);
c. The licensee has given the consumer a reasonable opportunity to opt out of the disclosure before the licensee discloses the information to the nonaffiliated third party; and
d. The consumer does not opt out.
(2) A licensee provides a consumer with a reasonable opportunity to opt out under the following methods:
a. The licensee mails the notices required in subrule 90.9(1) to the consumer and allows the consumer to opt out by mailing a form, calling a toll-free telephone number or any other reasonable means within 30 days from the date the licensee mailed the notices.
b. A customer opens an online account with a licensee and agrees to receive the notices required in subrule 90.9(1) electronically, and the licensee allows the customer to opt out by any reasonable means within 30 days after the date that the customer acknowledges receipt of the notices in conjunction with opening the account.
c. For an isolated transaction such as providing the customer with an insurance quote, a licensee provides the consumer with a reasonable opportunity to opt out if the licensee provides the notice required in subrule 90.9(1) at the time of the transaction and requests that the consumer decide, as a necessary part of the transaction, whether to opt out before completing the transaction.
(3) A licensee shall comply with this rule regardless of whether the licensee and the consumer have established a customer relationship.
(4) Unless a licensee complies with this rule, the licensee may not directly or through any affiliate disclose any nonpublic personal financial information about a consumer that the licensee has collected, regardless of whether the licensee collected it before or after receiving the direction to opt out from the consumer.
(5) A licensee may allow a consumer to select certain nonpublic personal financial information or certain nonaffiliated third parties with respect to which the consumer wishes to opt out.

Iowa Admin. Code r. 191-90.9

Adopted by IAB March 20, 2024/Volume XLVI, Number 19, effective 4/24/2024