Section R590-206-17 - Other Exceptions to Notice and Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information(1) The initial notice requirements under Subsection R590-206-5(1)(b), the opt out requirements under Sections R590-206-8 and R590-206-12, and the service provider and joint marketing requirements under Section R590-206-15 do not apply when a licensee discloses nonpublic personal financial information: (a) with the consent, or at the direction of, a consumer, provided the consumer has not revoked the consent or direction;(b) to protect: (i) the confidentiality or security of a licensee's records pertaining to a consumer, service, product, or transaction;(ii) against, or prevent, actual or potential fraud or an unauthorized transaction;(iii) against institutional risk control or resolving a consumer dispute or inquiry;(iv) a person holding a legal or beneficial interest relating to the consumer; or(v) a person acting in a fiduciary or representative capacity on behalf of the consumer;(c) to provide information to an insurance rate advisory organization, a guaranty fund, an agency, an agency that rates a licensee, a person that assesses the licensee's compliance with industry standards, and the licensee's attorney, accountant, and auditor;(d) to the extent permitted under the Right to Financial Privacy Act of 1978, U.S.C. 3401 et seq., to a law enforcement agency, a state insurance department, the Federal Trade Commission, a self-regulatory organization, or for an investigation on a matter related to public safety;(e)(i) to a consumer reporting agency under the Fair Credit Reporting Act, 15 U.S.C. 1681 et seq.; or(ii) from a consumer report from a consumer reporting agency;(f) in connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal financial information concerns solely a consumer of the business or unit;(g)(i) to comply with a federal, state, or local law, rule, or other legal requirement;(ii) to comply with a civil, criminal, or regulatory investigation, or a subpoena or summons by a federal, state, or local authority; or(iii) to respond to a judicial process or government regulatory authority having jurisdiction over a licensee for examination, compliance, or another purpose, as authorized by law; or(h) for purposes related to the replacement of a group benefit plan, a group health plan, a group welfare plan, or a workers' compensation policy.(2) An insurer subject to a formal delinquency proceeding under Section 31A-27a-207, 31A-27a-301, or 31A-27a-401 is not subject to the requirements of Subsection R590-206-5(1)(b) or the opt out requirements of this rule.(3) A consumer may revoke consent by exercising the right to opt out of future disclosures of nonpublic personal information under Subsection R590-206-8(6).Utah Admin. Code R590-206-17
Amended by Utah State Bulletin Number 2017-15, effective 7/11/2017Adopted by Utah State Bulletin Number 2023-23, effective 11/21/2023