Statutes, codes, and regulations
Delaware Administrative Code
Title 18 - InsuranceConsumer Rights
Privacy of Consumer Financial and Health Information
Section 904-4.0 - Revised Privacy Notices

18 Del. Admin. Code § 904-4.0

Download
PDF
Current through Register Vol. 28, No. 5, November 1, 2024
Section 904-4.0 - Revised Privacy Notices
4.1 General rule. Except as otherwise authorized in this regulation, a licensee shall not, directly or through an affiliate, disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party other than as described in the initial notice that the licensee provided to that consumer under subsection 2.1 of this regulation, unless:
4.1.1 The licensee has provided to the consumer a clear and conspicuous revised notice that accurately describes its policies and practices;
4.1.2 The licensee has provided to the consumer a new opt out notice;
4.1.3 The licensee has given the consumer a reasonable opportunity, before the licensee discloses the information to the nonaffiliated third party, to opt out of the disclosure; and
4.1.4 The consumer does not opt out.
4.2 Examples.
4.2.1 Except as otherwise permitted by Sections 9.0, 10.0 and 11.0 of this regulation, a licensee shall provide a revised notice before it:
4.2.1.1 Discloses a new category of nonpublic personal financial information to any nonaffiliated third party;
4.2.1.2 Discloses nonpublic personal financial information to a new category of nonaffiliated third party; or
4.2.1.3 Discloses nonpublic personal financial information about a former customer to a nonaffiliated third party, if that former customer has not had the opportunity to exercise an opt out right regarding that disclosure.
4.2.2 A revised notice is not required if the licensee discloses nonpublic personal financial information to a new nonaffiliated third party that the licensee adequately described in its prior notice.
4.3 Delivery.
4.3.1 When a licensee is required to deliver a revised privacy notice by this section, the licensee shall deliver it according to Section 5.0 of this regulation.
4.3.2 Unless a licensee is providing privacy notices directly to covered individuals described in subsections 1.9.5.1, 1.9.5.2 or 1.9.5.3 of this regulation, a licensee shall provide initial, annual and revised notices to the plan sponsor, group or blanket insurance policyholder or group annuity contract holder, or workers' compensation policyholder, in the manner described in Sections 2.0 through 4.0 of this regulation, describing the licensee's privacy practices with respect to nonpublic personal information about individuals covered under the policies, contracts or plans.

18 Del. Admin. Code § 904-4.0

22 DE Reg. 1017 (6/1/2019) (final)