28 Tex. Admin. Code § 22.2

Current through Reg. 49, No. 49; December 6, 2024
Section 22.2 - Definitions

The following words and terms, when used in this chapter, will have the following meanings, unless the context clearly indicates otherwise.

(1) Affiliate--Any company that controls, is controlled by, or is under common control with another company.
(2) Agent--As set out in Insurance Code §§ 2651.002 - 2651.011, 2651.051 - 2651.059, 4001.002, 4001.051, and 4001.053.
(3) Authorization--As set out in Insurance Code § 82.001.
(4) Clear and conspicuous--A notice reasonably understandable and designed to call attention to the nature and significance of the information in the notice.
(5) Collect--To obtain information that the covered entity organizes or can retrieve by the name of an individual or by identifying number, symbol, or other identifying particular assigned to the individual, irrespective of the source of the underlying information.
(6) Commissioner--The commissioner of insurance.
(7) Company--A corporation, limited liability company, business trust, general or limited partnership, association, sole proprietorship, or other similar organization.
(8) Consumer--An individual or that individual's representative who seeks to obtain, obtains, or has obtained an insurance product or service from a covered entity that is to be used primarily for personal, family, or household purposes, and about whom the covered entity has nonpublic personal financial information.
(9) Consumer reporting agency--As defined in §603(f) of the federal Fair Credit Reporting Act (FCRA) (15 U.S.C. §1681a(f)).
(10) Control--Includes the terms "controls," "controlled by," and "under common control," and has the meaning assigned that term by Insurance Code § 823.005 and § 823.151.
(11) Covered entity--An individual or entity that receives an authorization from the Texas Department of Insurance. The term includes any individual or entity described by Insurance Code, § 82.002.
(12) Customer--A consumer who has a customer relationship with a covered entity.
(13) Customer relationship--A continuing relationship, as described in § 22.5 of this subchapter (relating to Determination of Continuing Relationship), between a consumer and a covered entity under which the covered entity provides one or more insurance products or services to the consumer to be used primarily for personal, family, or household purposes.
(14) Financial institution--Any institution, the business of which is engaging in activities that are financial in nature or incidental to financial activities as described in §4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. §1843(k)). Financial institution does not include:
(A) any person or entity with respect to any financial activity that is subject to the jurisdiction of the Commodity Futures Trading Commission under the Commodity Exchange Act (7 U.S.C. §1 et seq.);
(B) the Federal Agricultural Mortgage Corporation or any entity charged and operating under the Farm Credit Act of 1971 (12 U.S.C. §2001 et seq.); or
(C) institutions chartered by Congress specifically to engage in securitizations, secondary market sales (including sales of servicing rights), or similar transactions related to a transaction of a consumer, as long as the institutions do not sell or transfer nonpublic personal financial information to a nonaffiliated third party.
(15) Financial product or service--Any product or service that a financial holding company could offer by engaging in an activity that is financial in nature or incidental to a financial activity under §4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. §1843(k)). Financial service includes a financial institution's evaluation or brokerage of information that the financial institution collects in connection with a request or an application from a consumer for a financial product or service.
(16) Health care--
(A) preventive, diagnostic, therapeutic, rehabilitative, maintenance or palliative care, services, procedures, tests, or counseling that:
(i) relates to the physical, mental, or behavioral condition of an individual; or
(ii) affects the structure or function of the human body or any part of the human body, including the banking of blood, sperm, organs, or any other tissue; or
(B) prescribing, dispensing, or furnishing drugs or biologicals, medical devices, or health care equipment and supplies to an individual.
(17) Health care provider--A physician or other health care practitioner licensed, accredited, or certified to perform specified health services consistent with state law, or a health care facility.
(18) Health information--Any information or data, except age or gender, whether oral or recorded, in any form or medium, that is created by or derived from a health care provider or the consumer that relates to:
(A) the past, present, or future physical, mental, or behavioral health or condition of an individual;
(B) the provision of health care to an individual; or
(C) payment for the provision of health care to an individual.
(19) Insurance product or service--Any product or service offered by a covered entity under the Insurance Code and other insurance laws of this state. Insurance service includes a covered entity's evaluation, brokerage, or distribution of information that the covered entity collects in connection with a request or an application from a consumer for an insurance product or service.
(20) Nonaffiliated third party--An entity that is not an affiliate of, related to by common ownership, or affiliated by corporate control with the covered entity. The term does not include a joint employee of the entity.
(21) Nonpublic personal financial information--Information that:
(A) includes:
(i) personally identifiable financial information;
(ii) any list, description, or other grouping of consumers (and publicly available information pertaining to them) derived using any personally identifiable financial information not publicly available; and
(iii) any list of individuals' names and street addresses derived in whole or in part using personally identifiable financial information not publicly available, such as account numbers;
(B) does not include:
(i) health information;
(ii) publicly available information unless derived from a nonpublic source as described in subparagraphs (A)(ii) and (A)(iii) of this paragraph;
(iii) any list, description, or other grouping of consumers (and publicly available information pertaining to them) derived without using any personally identifiable financial information not publicly available; and
(iv) any list of individuals' names and addresses that:
(I) contains only publicly available information;
(II) is wholly derived using personally identifiable financial information that is publicly available; and
(III) does not disclose that any of the individuals on the list is a consumer of a financial institution.
(22) Opt out--A direction by the consumer that the covered entity not disclose nonpublic personal financial information about that consumer to a nonaffiliated third party, other than as permitted by § 22.17 of this title, § 22.18 of this title (relating to Exceptions to Notice and Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information for Processing and Servicing Transactions), and § 22.19 of this title (relating to Other Exceptions to Notice and Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information).
(23) Personally identifiable financial information--
(A) The term includes:
(i) any information a consumer provides to a covered entity to obtain an insurance product or service from the covered entity;
(ii) any information about a consumer resulting from a transaction involving an insurance product or service between a covered entity and a consumer;
(iii) any information the covered entity otherwise obtains about a consumer in connection with providing an insurance product or service to that consumer;
(iv) account balance information and payment history;
(v) the fact that an individual is or has been one of the covered entity's customers or has obtained an insurance product or service from the covered entity;
(vi) any information about the covered entity's consumer disclosed in a manner that indicates that the individual is or has been the covered entity's consumer;
(vii) any information a consumer provides to a covered entity or that the covered entity or its agent otherwise obtains in connection with collecting on a loan or servicing a loan;
(viii) any information the covered entity collects through an information-collecting device from an Internet web server; and
(ix) information from a consumer report.
(B) The term does not include:
(i) health information;
(ii) a list of names and addresses of customers of an entity that is not a financial institution; and
(iii) information that does not identify a consumer, such as aggregate information or blind data that does not contain personal identifiers such as account numbers, names, or addresses.
(24) Publicly available information--Any information a covered entity has a reasonable basis to believe is lawfully made available to the general public from:
(A) federal, state, or local government records;
(B) widely distributed media; or
(C) disclosures to the general public required to be made by federal, state or local law.

28 Tex. Admin. Code § 22.2

The provisions of this §22.2 adopted to be effective December 17, 2001, 26 TexReg 10316; amended by Texas Register, Volume 39, Number 49, December 5, 2014, TexReg 9566, eff. 12/7/2014