Current through Register Vol. 54, No. 45, November 9, 2024
Section 146a.21 - Limits on disclosure of nonpublic personal financial information to nonaffiliated third parties(a)Conditions for disclosure. Except as otherwise authorized in this chapter, a licensee may not, directly or through an affiliate, disclose nonpublic personal financial information about a consumer to a nonaffiliated third party unless all of the following conditions are met: (1) The licensee has provided to the consumer an initial notice as required under § 146a.11 (relating to initial privacy notice to consumers required).(2) The licensee has provided to the consumer an opt out notice as required in § 146a.14 (relating to form of opt out notice to consumers and opt out methods).(3) The licensee has given the consumer a reasonable opportunity, before it discloses the information to the nonaffiliated third party, to opt out of the disclosure.(4) The consumer does not opt out.(b)Opt out definition. Opt out means a direction by the consumer that the licensee not disclose nonpublic personal financial information about that consumer to a nonaffiliated third party, other than as permitted by Subchapter D (relating to exceptions to limits on disclosure of nonpublic personal financial information).(c)Examples of reasonable opportunity to opt out. A licensee provides a consumer with a reasonable opportunity to opt out if: (1)By mail. The licensee mails the notices required in subsection (a) to the consumer and allows the consumer to opt out by mailing a form, calling a toll-free telephone number or any other reasonable means within 30 days from the date the licensee mailed the notices.(2)By electronic means. A customer opens an online account with a licensee and agrees to receive the notices required in subsection (a) electronically, and the licensee allows the customer to opt out by any reasonable means within 30 days after the date that the customer acknowledges receipt of the notices in conjunction with opening the account.(3)Isolated transaction with consumer. For an isolated transaction such as providing the consumer with an insurance quote, a licensee provides the consumer with a reasonable opportunity to opt out if the licensee provides the notices required in subsection (a) at the time of the transaction and requests that the consumer decide, as a necessary part of the transaction, whether to opt out before completing the transaction.(d)Application of opt out to all consumers and all nonpublic personal financial information. (1) A licensee shall comply with this section, regardless of whether the licensee and the consumer have established a customer relationship.(2) Unless a licensee complies with this section, the licensee may not, directly or through an affiliate, disclose nonpublic personal financial information about a consumer that the licensee has collected, regardless of whether the licensee collected it before or after receiving the direction to opt out from the consumer.(e)Partial opt out. A licensee may allow a consumer to select certain nonpublic personal financial information or certain nonaffiliated third parties with respect to which the consumer wishes to opt out. This section cited in 31 Pa. Code § 146a.13 (relating to information to be included in privacy notices); 31 Pa. Code § 146a.14 (relating to form of opt out notice to consumers and opt out methods); 31 Pa. Code § 146a.31 (relating to exception to opt out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing); 31 Pa. Code § 146a.32 (relating to exceptions to notice and opt out requirements for disclosure of nonpublic personal financial information for processing and servicing); and 31 Pa. Code § 146a.33 (relating to other exceptions to notice and opt out requirements for disclosure of nonpublic personal financial information).