Register February 2018 No. 746
Chapter Ins 25
PRIVACY OF CONSUMER FINANCIAL AND HEALTH INFORMATION
Subchapter I — General Provisions
Ins 25.02 Purpose and scope.
Ins 25.03 Rule of construction.
Subchapter II — Privacy and Opt-Out Notices for Financial Information
Ins 25.10 Initial privacy notice to consumers required.
Ins 25.13 Annual privacy notice to customers required.
Ins 25.15 Information to be included in privacy notices.
Ins 25.17 Form of opt out notice to consumers and opt out methods.
Ins 25.20 Revised privacy notices.
Subchapter III — Limits on Disclosures of Financial Information
Ins 25.30 Limits on disclosure of nonpublic personal financial information to nonaffiliated third parties.
Ins 25.35 Limits on re-disclosure and reuse of nonpublic personal financial information.
Ins 25.40 Limits on sharing account number information for marketing purposes.
Subchapter IV — Exceptions to Limits on Disclosure of Financial Information
Ins 25.50 Exception to opt out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing.
Ins 25.55 Exceptions to notice and opt out requirements for disclosure of nonpublic personal financial information for processing and servicing transactions.
Ins 25.60 Other exceptions to notice and opt out requirements for disclosure of nonpublic personal financial information.
Subchapter V — Health Information
Ins 25.70 When authorization required for disclosure of nonpublic personal health information.
Ins 25.73 Authorizations.
Ins 25.75 Authorization request delivery.
Ins 25.77 Relationship to federal rules.
Ins 25.80 Insurers and agents compliance with s.
610.70, Stats.
Subchapter VI — Additional Provisions
Ins 25.90 Nondiscrimination.
Ins 25.95 Effective date.
Ins 25.01 History
History: Cr.
Register, June, 2001, No. 546, eff. 7-1-01.
Ins 25.02(1)(1)
Purposes. This chapter governs the treatment of nonpublic personal health information and nonpublic personal financial information about individuals by all licensees of the office of the commissioner of insurance except to the extent that a licensee is excepted from a provision of this chapter. This chapter does all of the following:
Ins 25.02(1)(a)
(a) It requires a licensee to provide notice to individuals about its privacy policies and practices.
Ins 25.02(1)(b)
(b) It describes the conditions under which a licensee may disclose nonpublic personal health information and nonpublic personal financial information about individuals to affiliates and nonaffiliated third parties.
Ins 25.02(1)(c)
(c) It provides methods for individuals to prevent a licensee from disclosing that information.
Ins 25.02(2)(a)
(a) Nonpublic personal financial information about individuals who obtain or are beneficiaries of products or services primarily for personal, family or household purposes from licensees, about individuals who are beneficiaries under group health plans and claimants under workers' compensation policies, and about individuals who are third-party claimants against products or services obtained for
business, commercial or agricultural purposes. This chapter does not apply to information about companies or about individuals who obtain products or services for business, commercial or agricultural purposes; and
Ins 25.02(2)(b)
(b) All nonpublic personal health information about individuals who obtain or are beneficiaries of products or services primarily for personal, family or household purposes from licensees, about individuals who are beneficiaries under group health plans and claimants under workers' compensation policies, and about individuals who are third-party claimants against products or services obtained for business, commercial or agricultural purposes, except to the extent the information is subject to s.
51.30,
146.81 to
146.84 or
610.70, Stats.
Ins 25.02(3)
(3) Extra-territorial application. A licensee domiciled in this state that is in compliance with this chapter in a state that has not enacted laws or regulations that meet the requirements of Title V of the Gramm-Leach-Bliley Act (PL
102-106) is in compliance with Title V of the Gramm-Leach-Bliley Act in such other state.
Ins 25.02 History
History: Cr.
Register, June, 2001, No. 546, eff. 7-1-01.
Ins 25.03
Ins 25.03
Rule of construction. The examples in this chapter and the sample clauses in Appendix A of this chapter are not exclusive. Compliance with an example or use of a sample clause, to the extent applicable, constitutes compliance with this chapter.
Ins 25.03 History
History: Cr.
Register, June, 2001, No. 546, eff. 7-1-01.
Ins 25.04
Ins 25.04
Definitions. As used in this chapter, unless the context requires otherwise:
Ins 25.04(1)
(1) “Affiliate" means any company that controls, is controlled by or is under common control with another company.
Ins 25.04(2)(a)(a) “Clear and conspicuous" means that a notice is reasonably understandable and designed to call attention to the nature and significance of the information in the notice.
Ins 25.04(2)(b)
(b) The following are examples of the application of “clear and conspicuous:"
Ins 25.04(2)(b)1.
1. `Reasonably understandable.' A licensee makes its notice reasonably understandable if it does all of the following:
Ins 25.04(2)(b)1.a.
a. Presents the information in the notice in clear, concise sentences, paragraphs, and sections.
Ins 25.04(2)(b)1.c.
c. Uses definite, concrete, everyday words and active voice whenever possible.
Ins 25.04(2)(b)1.e.
e. Avoids legal and highly technical business terminology whenever possible.