Current through November 30, 2024
Section 1016.8 - Revised privacy notices(a)General rule. Except as otherwise authorized in this part, you must not, directly or through any affiliate, disclose any nonpublic personal information about a consumer to a nonaffiliated third party other than as described in the initial notice that you provided to that consumer under § 1016.4 of this part, unless:(1) You have provided to the consumer a clear and conspicuous revised notice that accurately describes your policies and practices;(2) You have provided to the consumer a new opt out notice;(3) You have given the consumer a reasonable opportunity, before you disclose the information to the nonaffiliated third party, to opt out of the disclosure; and(4) The consumer does not opt out.(b)Examples.(1) Except as otherwise permitted by §§ 1016.13 , 1016.14 , and 1016.15 of this part, you must provide a revised notice before you:(i) Disclose a new category of nonpublic personal information to any nonaffiliated third party;(ii) Disclose nonpublic personal information to a new category of nonaffiliated third party; or(iii) Disclose nonpublic personal information about a former customer to a nonaffiliated third party, if that former customer has not had the opportunity to exercise an opt out right regarding that disclosure.(2) A revised notice is not required if you disclose nonpublic personal information to a new nonaffiliated third party that you adequately described in your prior notice.(c)Delivery. When you are required to deliver a revised privacy notice by this section, you must deliver it according to § 1016.9 of this part.