Section 26.1-02-27 - Disclosing nonpublic personal information1. An insurance company, nonprofit health service corporation, or health maintenance organization may not disclose to a nonaffiliated third party a customer's nonpublic personal information contrary to the provisions of title V of the Gramm-Leach-Bliley Act [ Pub. L. 106-102; 113 Stat. 1436] or contrary to the rules adopted by the commissioner under this section.2. The commissioner shall adopt rules necessary to carry out this section.a. The rules must be consistent with and not more restrictive than the model regulation adopted by the national association of insurance commissioners entitled "Privacy of Consumer Financial and Health Information Regulation".b. Notwithstanding subdivision a and subject to the exceptions, including the affiliate sharing exception provided for in the national association of insurance commissioners' model regulation, the rules may prohibit the disclosure of nonpublic personal health and financial information concerning an individual unless an authorization is obtained from the individual whose nonpublic personal health and financial information is sought to be disclosed.c. The rules may not require an insurance company, nonprofit health service corporation, or health maintenance organization to provide an annual privacy notice if the insurance company, nonprofit health service corporation, or health maintenance organization: (1) Complies with nonaffiliated third-party sharing rules adopted by the commissioner; and(2) Has not changed the insurance company's, nonprofit health service corporation's, or health maintenance organization's policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed in the most recent notice sent to consumers.3. This section does not create a private right of action.Amended by S.L. 2019, ch. 230 (HB 1138),§ 1, eff. 8/1/2019.