SAMPLE CLAUSES AND EXAMPLES
RELATING TO 806 KAR 3:210
Licensees, including a group of financial holding
company affiliates that use a common privacy notice, may use the following
sample clauses, if the clause is accurate for each institution that uses the
notice. However, please note that
disclosure of certain information, such as assets, income and information from
a consumer reporting agency, may give rise to obligations under the federal
Fair Credit Reporting Act, such as a requirement to permit a consumer to opt
out of disclosures to affiliates or designation as a consumer reporting agency
if disclosures are made to nonaffiliated third parties.
1. Categories of information a licensee collects—all institutions
A licensee may use this clause, as applicable, to meet the requirement of Section
7(1)(a) to describe the categories of nonpublic personal information the
licensee collects.
Sample Clause 1:
We collect nonpublic personal information about
you from the following sources:
• Information we receive from you on applications
or other forms;
• Information about your transactions with us,
our affiliates or others; and
• Information we receive from a consumer
reporting agency.
2. Categories of information a licensee discloses—institutions that disclose outside of the exceptions
A licensee may use one of these clauses, as
applicable, to meet the requirement of Section 7(1)(b) to describe the
categories of nonpublic personal information the licensee discloses. The
licensee may use these clauses if it
discloses nonpublic personal information other than as permitted by the
exceptions in Sections 14, 15 and 16.
Sample Clause 2, Alternative 1:
We may disclose the following kinds of nonpublic
personal information about you:
• Information we receive from you on applications or other forms, such as
[provide illustrative examples, such as “your name, address, social security
number, assets, income, and beneficiaries”];
• Information about your transactions with us,
our affiliates or others, such as [provide illustrative examples, such as “your
policy coverage, premiums, and payment history”]; and
• Information we receive from a consumer
reporting agency, such as [provide illustrative examples, such as “your
creditworthiness and credit history”].
Sample Clause 2, Alternative 2:
We may disclose all of the information that we
collect, as described [describe location in the notice, such as “above” or
“below”].
3. Categories of information a licensee discloses and parties to whom the licensee discloses—institutions that do not disclose outside of the exceptions
A licensee may use this clause, as applicable, to meet the requirements of
Sections 7(1)(b), (c), and (d) to describe the categories of nonpublic
personal information about customers and former customers that the licensee
discloses and the categories of affiliates and nonaffiliated third parties to
whom the licensee discloses. A licensee
may use this clause if the licensee does not disclose nonpublic personal
information to any party, other than as permitted by the exceptions in Sections
15 and 16.
Sample Clause 3:
We do not disclose any nonpublic personal
information about our customers or former customers to anyone, except as permitted
by law.
4. Categories of parties to whom a licensee discloses—institutions that disclose outside of the exceptions
A licensee may
use this clause, as applicable, to meet the requirement of Section 7(1)(c) to
describe the categories of affiliates and nonaffiliated third parties to whom
the licensee discloses nonpublic personal information. This clause may be used if the licensee
discloses nonpublic personal information other than as permitted by the
exceptions in Sections 14, 15 and 16, as well as when permitted by the
exceptions in Sections 15 and 16.
Sample Clause 4:
We may disclose nonpublic personal information
about you to the following types of third parties:
• Financial service providers, such as [provide
illustrative examples, such as “life insurers, automobile insurers, mortgage
bankers, securities broker-dealers, and insurance agents”];
• Non-financial companies, such as [provide
illustrative examples, such as “retailers, direct marketers, airlines, and
publishers”]; and
• Others, such as [provide illustrative examples,
such as “non-profit organizations”].
We may also disclose nonpublic personal
information about you to nonaffiliated third parties as permitted by law.
5. Service provider/joint marketing exception
A licensee may use one of these clauses, as applicable, to meet the requirements
of Section 7(1)(e) related to the exception for service providers and joint
marketers in Section 14. If a licensee
discloses nonpublic personal information under this exception, the licensee
shall describe the categories of nonpublic personal information the licensee
discloses and the categories of third parties with which the licensee has
contracted.
Sample Clause 5, Alternative 1:
We may disclose the following information to
companies that perform marketing services on our behalf or to other financial
institutions with which we have joint marketing agreements:
• Information we receive from you on applications
or other forms, such as [provide illustrative examples, such as “your name,
address, social security number, assets, income, and beneficiaries”];
• Information about your transactions with us,
our affiliates or others, such as [provide illustrative examples, such as “your
policy coverage, premium, and payment history”]; and
• Information we receive from a consumer
reporting agency, such as [provide illustrative examples, such as “your
creditworthiness and credit history”].
Sample Clause 5, Alternative 2:
We may disclose all of the information we
collect, as described [describe location in the notice, such as “above” or
“below”] to companies that perform marketing services on our behalf or to other
financial institutions with whom we have joint marketing agreements.
6. Explanation of opt out right—institutions that disclose outside of the exceptions
A licensee may
use this clause, as applicable, to meet the requirement of Section 7(1)(f) to
provide an explanation of the consumer’s right to opt out of the disclosure of
nonpublic personal information to nonaffiliated third parties, including the
method(s) by which the consumer may exercise that right. The licensee may use this clause if the
licensee discloses nonpublic personal information other than as permitted by
the exceptions in Sections 14, 15 and 16.
Sample Clause 6:
If you prefer that we not disclose nonpublic personal information about you to
nonaffiliated third parties, you may opt out of those disclosures, that is, you
may direct us not to make those disclosures (other than disclosures permitted
by law). If you wish to opt out of
disclosures to nonaffiliated third parties, you may [describe a reasonable
means of opting out, such as “call the following toll-free number: (insert
number)”].
7. Confidentiality and security—all institutions
A licensee may use this clause, as applicable, to
meet the requirement of Section 7(1)(h) to describe its policies and practices
with respect to protecting the confidentiality and security of nonpublic
personal information.
Sample Clause 7:
We restrict
access to nonpublic personal information about you to [provide an appropriate
description, such as “those employees who need to know that information to
provide products or services to you”].
We maintain physical, electronic, and procedural safeguards that comply
with federal regulations to guard your nonpublic personal
information.
8. Examples of regulation provisions
a. Example of establishing customer relationship referenced in
Section 5(3)(b). A licensee establishes a customer relationship when the
consumer:
1. Becomes a policyholder of a licensee that is an insurer when the insurer
delivers an insurance policy or contract to the consumer, or in the case of a
licensee that is an insurance producer or insurance broker, obtains insurance
through that licensee; or
2. Agrees to obtain financial, economic or investment advisory services
relating to insurance products or services for a fee from the licensee.
b. Examples of exceptions referenced in Section 5(5)(b).
1. Not at customer’s election. Establishing a customer relationship is not
at the customer’s election if a licensee acquires or is assigned a customer’s
policy from another financial institution or residual market mechanism and the
customer does not have a choice about the licensee’s acquisition or assignment.
2. Substantial delay of customer’s transaction. Providing notice not later
than when a licensee establishes a customer relationship would substantially
delay the customer’s transaction when the licensee and the individual agree
over the telephone to enter into a customer relationship involving prompt
delivery of the insurance product or service.
3. No substantial delay of customer’s transaction. Providing notice not
later than when a licensee establishes a customer relationship would not
substantially delay the customer’s transaction when the relationship is
initiated in person at the licensee’s office or through other means by which
the customer may view the notice, such as on a web site.
c. Example of annual privacy notice referenced in Section 6(1)(b). A licensee
provides a notice annually if it
defines the twelve-consecutive-month period as a calendar year and provides the
annual notice to the customer once in each calendar year following the calendar
year in which the licensee provided the initial notice. For example, if a
customer opens an account on any day of year 1, the licensee shall provide an
annual notice to that customer by December 31 of year 2.
d. Examples of customer terminations referenced in Section 6(2)(b):
1. A licensee no longer has a continuing relationship with an individual if
the individual no longer is a current policyholder of an insurance product or
no longer obtains insurance services with or through the licensee.
2. A licensee no longer has a continuing relationship with an individual if
the individual’s policy is lapsed, expired or otherwise inactive or dormant
under the licensee’s business practices, and the licensee has not communicated
with the customer about the relationship for a period of twelve (12)
consecutive months, other than to provide annual privacy notices, material
required by law or regulation, or promotional materials.
3. For the purposes of this regulation, a licensee no longer has a
continuing relationship with an individual if the individual’s last known
address according to the licensee’s records is deemed invalid. An address of record is deemed invalid if
mail sent to that address by the licensee has been returned by the postal
authorities as undeliverable and if subsequent attempts by the licensee to obtain
a current valid address for the individual have been unsuccessful.
4. A licensee no longer has a continuing relationship with a customer in
the case of providing real estate settlement services, at the time the customer
completes execution of all documents related to the real estate closing,
payment for those services has been received, or the licensee has completed all
of its responsibilities with respect to the settlement, including filing
documents on the public record, whichever is later.
e. Examples of obtaining privacy notice as referenced in Section 7(4)(d). The
licensee provides a reasonable means by
which a consumer may obtain a copy of its privacy notice if the licensee:
1. Provides a toll-free telephone number that the consumer may call to
request the notice; or
2. For a consumer who conducts business in person at the licensee’s office,
maintains copies of the notice on hand that the licensee provides to the
consumer immediately upon request.
f. Example of joint consumers opt out referenced in Section 8(4)(e). If John
and Mary are both named policyholders on a homeowner’s insurance policy issued
by a licensee and the licensee sends policy statements to John’s address, the
licensee may do any of the following, but it shall explain in its opt out
notice which opt out policy the licensee will follow:
1. Send a single opt out notice to John’s address, but the licensee shall
accept an opt out direction from either John or Mary.
2. Treat an opt out direction by either John or Mary as applying to the
entire policy. If the licensee does so
and John opts out, the licensee may not require Mary to opt out as well before
implementing John’s opt out direction.
3. Permit John and Mary to make different opt out directions. If the licensee does so:
a. It shall permit John and Mary to opt out for each other;
b. If both opt out, the licensee shall permit both of them to notify it in
a single response, on a form or through a telephone call; and
c. If John opts out and Mary does not, the licensee may only disclose
nonpublic personal financial information about Mary, but not about John and not
about John and Mary jointly.
g. Example of initial notice requirement referenced in Section 21(2)(b). A licensee
provides an initial notice to consumers who are its customers on July 1, 2001,
if, by that date, the licensee has established a system for providing an initial
notice to all its new customers and has mailed the notice to all the licensee’s
existing customers.