This is the preview version of the Wisconsin State Legislature site.
Please see http://docs.legis.wisconsin.gov for the production version.
Ins 25.20(2)(b) (b) A revised notice is not required if the licensee discloses nonpublic personal financial information to a new nonaffiliated third party that the licensee adequately described in its prior notice.
Ins 25.20(3) (3)Delivery. When a licensee is required to deliver a revised privacy notice by this section, the licensee shall deliver it according to s. Ins 25.25.
Ins 25.20 History History: Cr. Register, June, 2001, No. 546, eff. 7-1-01.
Ins 25.25 Ins 25.25 Delivery.
Ins 25.25(1)(1) How to provide notices. A licensee shall provide any notices that this chapter requires so that each consumer can reasonably be expected to receive actual notice in writing or, if the consumer agrees, electronically.
Ins 25.25(2) (2)Examples.
Ins 25.25(2)(a)(a) Examples of reasonable expectation of actual notice. A licensee may reasonably expect that a consumer will receive actual notice of its privacy policies and practices if the licensee does any of the following:
Ins 25.25(2)(a)1. 1. Hand-delivers a printed copy of the notice to the consumer.
Ins 25.25(2)(a)2. 2. Mails a printed copy of the notice to the last known address of the consumer separately, or in a policy, billing or other written communication.
Ins 25.25(2)(a)3. 3. For a consumer who conducts transactions electronically, posts the notice on the electronic site and requires the consumer to acknowledge receipt of the notice as a necessary step to obtaining a particular insurance product or service.
Ins 25.25(2)(a)4. 4. For an isolated transaction with a consumer, such as the licensee providing an insurance quote or selling the consumer travel insurance, posts the notice and requires the consumer to acknowledge receipt of the notice as a necessary step to obtaining the particular insurance product or service.
Ins 25.25(2)(b) (b) Examples of unreasonable expectation of actual notice. A licensee may not, however, reasonably expect that a consumer will receive actual notice of its privacy policies and practices if it does any of the following:
Ins 25.25(2)(b)1. 1. Only posts a sign in its office or generally publishes advertisements of its privacy policies and practices.
Ins 25.25(2)(b)2. 2. Sends the notice via electronic mail to a consumer who does not obtain an insurance product or service from the licensee electronically.
Ins 25.25(3) (3)Annual notices only. A licensee may reasonably expect that a customer will receive actual notice of the licensee's annual privacy notice if it does any of the following:
Ins 25.25(3)(a) (a) The customer uses the licensee's web site to access insurance products and services electronically and agrees to receive notices at the web site and the licensee posts its current privacy notice continuously in a clear and conspicuous manner on the web site.
Ins 25.25(3)(b) (b) The customer has requested that the licensee refrain from sending any information regarding the customer relationship, the licensee maintains a record of the request and the licensee's current privacy notice remains available to the customer upon request.
Ins 25.25(4) (4)Oral description of notice insufficient. A licensee may not provide any notice required by this chapter solely by orally explaining the notice, either in person or over the telephone.
Ins 25.25(5) (5)Retention or accessibility of notices for customers.
Ins 25.25(5)(a)(a) For customers only, a licensee shall provide the initial notice required by s. Ins 25.10 (1) (a), the annual notice required by s. Ins 25.13 (1), and the revised notice required by s. Ins 25.20 so that the customer can retain them or obtain them later in writing or, if the customer agrees, electronically.
Ins 25.25(5)(b) (b) Examples of retention or accessibility. A licensee provides a privacy notice to the customer so that the customer can retain it or obtain it later if the licensee does any of the following:
Ins 25.25(5)(b)1. 1. Hand-delivers a printed copy of the notice to the customer.
Ins 25.25(5)(b)2. 2. Mails a printed copy of the notice to the last known address of the customer.
Ins 25.25(5)(b)3. 3. Makes its current privacy notice available on a web site or a link to another web site for the customer who obtains an insurance product or service electronically and agrees to receive the notice at the web site.
Ins 25.25(6) (6)Joint notice with other financial institutions. A licensee may provide a joint notice from the licensee and one or more of its affiliates or other financial institutions, as identified in the notice, as long as the notice is accurate with respect to the licensee and the other institutions. A licensee also may provide a notice on behalf of another financial institution.
Ins 25.25(7) (7)Joint relationships. If two or more consumers jointly obtain an insurance product or service from a licensee, the licensee may satisfy the initial, annual and revised notice requirements of ss. Ins 25.10 (1), 25.13 (1), and 25.20 (1), respectively, by providing one notice to those consumers jointly.
Ins 25.25(8) (8)Multiple insurance products or services. If a consumer or two or more consumers jointly seek to obtain or obtain multiple insurance products or services from a licensee or its affiliates, the licensee may satisfy the initial, annual and revised notice requirements of ss. Ins 25.10 (1), 25.13 (1), and 25.20 (1), respectively, for the licensee and its affiliates by providing one notice to those consumers.
Ins 25.25 History History: Cr. Register, June, 2001, No. 546, eff. 7-1-01.
subch. III of ch. Ins 25 Subchapter III — Limits on Disclosures of Financial Information
Ins 25.30 Ins 25.30 Limits on disclosure of nonpublic personal financial information to nonaffiliated third parties.
Ins 25.30(1)(1) Process.
Ins 25.30(1)(a)(a) Conditions for disclosure. Except as otherwise authorized in this chapter, a licensee may not, directly or through any affiliate, disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party unless all of the following have occurred:
Ins 25.30(1)(a)1. 1. The licensee has provided to the consumer an initial notice as required under s. Ins 25.10.
Ins 25.30(1)(a)2. 2. The licensee has provided to the consumer an opt out notice as required in s. Ins 25.17.
Ins 25.30(1)(a)3. 3. The licensee has given the consumer a reasonable opportunity, before it discloses the information to the nonaffiliated third party, to opt out of the disclosure.
Ins 25.30(1)(a)4. 4. The consumer does not opt out.
Ins 25.30(1)(b) (b) Opt out definition. Opt out means a direction by the consumer that the licensee not disclose nonpublic personal financial information about that consumer to a nonaffiliated third party, other than as permitted by ss. Ins 25.50, 25.55, and 25.60.
Ins 25.30(1)(c) (c) Examples of reasonable opportunity to opt out. A licensee provides a consumer with a reasonable opportunity to opt out if it does any of the following:
Ins 25.30(1)(c)1. 1. `By mail.' The licensee mails the notices required in par. (a) to the consumer and allows the consumer to opt out by mailing a form, calling a toll-free telephone number or any other reasonable means within thirty days from the date the licensee mailed the notices.
Ins 25.30(1)(c)2. 2. `By electronic means.' A customer purchases an insurance service or product from a licensee and agrees to receive the notices required in par. (a) electronically, and the licensee allows the customer to opt out by any reasonable means within 30 days after the date that the customer acknowledges receipt of the notices in conjunction the transaction.
Ins 25.30(1)(c)3. 3. `Isolated transaction with consumer.' For an isolated transaction such as providing the consumer with an insurance quote, a licensee provides the consumer with a reasonable opportunity to opt out if the licensee provides the notices required in par. (a) at the time of the transaction and requests that the consumer decide, as a necessary part of the transaction, whether to opt out before completing the transaction.
Ins 25.30(2) (2)Application of opt out to all consumers and all nonpublic personal financial information.
Ins 25.30(2)(a)(a) A licensee shall comply with this section, regardless of whether the licensee and the consumer have established a customer relationship.
Ins 25.30(2)(b) (b) Unless a licensee complies with this section, the licensee may not, except as permitted in ss. Ins 25.50, 25.55, and 25.60, directly or through any affiliate, disclose any nonpublic personal financial information about a consumer that the licensee has collected, regardless of whether the licensee collected it before or after receiving the direction to opt out from the consumer.
Ins 25.30(3) (3)Partial opt out. A licensee may allow a consumer to select certain nonpublic personal financial information or certain nonaffiliated third parties with respect to which the consumer wishes to opt out.
Ins 25.30 History History: Cr. Register, June, 2001, No. 546, eff. 7-1-01.
Ins 25.35 Ins 25.35 Limits on re-disclosure and reuse of nonpublic personal financial information.
Ins 25.35(1) (1) Redisclosure under exception.
Ins 25.35(1)(a)(a) Information the licensee receives under an exception. If a licensee receives nonpublic personal financial information from a nonaffiliated financial institution under an exception in s. Ins 25.55 or 25.60, the licensee may use or disclose that information only under the following conditions:
Ins 25.35(1)(a)1. 1. The licensee may disclose the information to the affiliates of the financial institution from which the licensee received the information.
Ins 25.35(1)(a)2. 2. The licensee may disclose the information to its affiliates, but the licensee's affiliates may, in turn, disclose and use the information only to the extent that the licensee may disclose and use the information.
Ins 25.35(1)(a)3. 3. The licensee may disclose and use the information pursuant to an exception in s. Ins 25.55 or 25.60, in the ordinary course of business to carry out the activity covered by the exception under which the licensee received the information.
Ins 25.35(1)(b) (b) Example. If a licensee receives information from a nonaffiliated financial institution for claims settlement purposes, the licensee may disclose the information for fraud prevention, or in response to a properly authorized subpoena. The licensee may not disclose that information to a third party for marketing purposes or use that information for its own marketing purposes.
Ins 25.35(2) (2)Redisclosure outside exception.
Ins 25.35(2)(a)(a) Information a licensee receives outside of an exception. If a licensee receives nonpublic personal financial information from a nonaffiliated financial institution other than under an exception in s. Ins 25.55 or 25.60, the licensee may not disclose the information except to any of the following:
Ins 25.35(2)(a)1. 1. To the affiliates of the financial institution from which the licensee received the information.
Ins 25.35(2)(a)2. 2. To its affiliates, but its affiliates may, in turn, disclose the information only to the extent that the licensee may disclose the information.
Ins 25.35(2)(a)3. 3. To any other person, if the disclosure would be lawful if made directly to that person by the financial institution from which the licensee received the information.
Ins 25.35(2)(b) (b) Example. If a licensee obtains a customer list from a nonaffiliated financial institution outside of the exceptions in s. Ins 25.55 or 25.60 it may do any of the following:
Ins 25.35(2)(b)1. 1. The licensee may use that list for its own purposes.
Ins 25.35(2)(b)2. 2. The licensee may disclose that list to another nonaffiliated third party only if the financial institution from which the licensee purchased the list could have lawfully disclosed the list to that third party. That is, the licensee may disclose the list in accordance with the privacy policy of the financial institution from which the licensee received the list, as limited by the opt out direction of each consumer whose nonpublic personal financial information the licensee intends to disclose, and the licensee may disclose the list in accordance with an exception in s. Ins 25.55 or 25.60, such as to the licensee's attorneys or accountants.
Ins 25.35(3) (3)Information a licensee discloses under an exception. If a licensee discloses nonpublic personal financial information to a nonaffiliated third party under an exception in s. Ins 25.55 or 25.60, the third party may not disclose or use that information except under any of the following circumstances:
Ins 25.35(3)(a) (a) The third party may disclose the information to the licensee's affiliates.
Ins 25.35(3)(b) (b) The third party may disclose the information to its affiliates, but its affiliates may, in turn, disclose and use the information only to the extent that the third party may disclose and use the information.
Ins 25.35(3)(c) (c) The third party may disclose and use the information pursuant to an exception in s. Ins 25.55 or 25.60 in the ordinary course of business to carry out the activity covered by the exception under which it received the information.
Ins 25.35(4) (4)Information a licensee discloses outside of an exception. If a licensee discloses nonpublic personal financial information to a nonaffiliated third party other than under an exception in s. Ins 25.55 or 25.60, the third party may not disclose the information except under any of the following circumstances:
Ins 25.35(4)(a) (a) To the licensee's affiliates.
Ins 25.35(4)(b) (b) To the third party's affiliates, but the third party's affiliates, in turn, may disclose the information only to the extent the third party can disclose the information.
Ins 25.35(4)(c) (c) To any other person, if the disclosure would be lawful if the licensee made it directly to that person.
Ins 25.35 History History: Cr. Register, June, 2001, No. 546, eff. 7-1-01.
Ins 25.40 Ins 25.40 Limits on sharing account number information for marketing purposes.
Ins 25.40(1) (1) General prohibition on disclosure of account numbers. A licensee shall not, directly or through an affiliate, disclose, other than to a consumer reporting agency, a policy number or similar form of access number or access code for a consumer's policy or transaction account to any nonaffiliated third party for use in telemarketing, direct mail marketing or other marketing through electronic mail to the consumer.
Ins 25.40(2) (2)Exceptions. Subsection (1) does not apply if a licensee discloses a policy number or similar form of access number or access code to any of the following:
Ins 25.40(2)(a) (a) To the licensee's service provider solely in order to perform marketing for the licensee's own products or services, as long as the service provider is not authorized to directly initiate charges to the account.
Ins 25.40(2)(b) (b) To a licensee who is a producer solely in order to perform marketing for the licensee's own products or services.
Ins 25.40(2)(c) (c) To a participant in an affinity or similar program where the participants in the program are identified to the customer when the customer enters into the program.
Ins 25.40(3) (3)Examples.
Ins 25.40(3)(a)(a) Policy number. A policy number, or similar form of access number or access code, does not include a number or code in an encrypted form, as long as the licensee does not provide the recipient with a means to decode the number or code.
Ins 25.40(3)(b) (b) Policy or transaction account. For the purposes of this section, a policy or transaction account is an account other than a deposit account or a credit card account. A policy or transaction account does not include an account to which third parties cannot initiate charges.
Ins 25.40 History History: Cr. Register, June, 2001, No. 546, eff. 7-1-01.
subch. IV of ch. Ins 25 Subchapter IV — Exceptions to Limits on Disclosure of Financial Information
Ins 25.50 Ins 25.50 Exception to opt out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing.
Ins 25.50(1) (1) Services.
Ins 25.50(1)(a)(a) General rule. The opt out requirements in ss. Ins 25.17 and 25.30 do not apply when a licensee provides nonpublic personal financial information to either of the following:
Ins 25.50(1)(a)1. 1. A nonaffiliated third party to perform services for the licensee or functions on the licensee's behalf, if the licensee complies with all of the following:
Ins 25.50(1)(a)1.a. a. It provides the initial notice in accordance with s. Ins 25.10.
Ins 25.50(1)(a)1.b. b. It enters into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information, including use under an exception in s. Ins 25.55 or 25.60 in the ordinary course of business to carry out those purposes.
Ins 25.50(1)(a)2. 2. A nonaffiliated third party for the purpose of marketing goods or services under the brand name of a licensee under ch. Ins 15, or an affiliate of such a licensee, if the licensee complies with all of the following:
Ins 25.50(1)(a)2.a. a. It provides the initial notice in accordance with s. Ins 25.10.
Loading...
Loading...
Published under s. 35.93, Stats. Updated on the first day of each month. Entire code is always current. The Register date on each page is the date the chapter was last published.