Residential MortgageCompliance Monitor

Rhode Island Adopts Rule Regarding Privacy of Consumer Financial Information

by: Amanda Nicholson

Rhode Island has recently adopted new rules and regulations pertaining to the privacy of consumer financial information. This regulation governs the treatment of all nonpublic financial information about individuals, claimants and beneficiaries of products or services by all insurance licensees of the Rhode Island Department of Business Regulation. It does not apply to any information about individuals who obtain a product or service for business or companies. This regulation is not meant to modify or limit the operations of the Rhode Island Workers Compensation Act and the health care provider’s duty to provide information related to workers compensation claim for benefits, so long as the information received is directly related to the claim for benefits.

Rules
 
This regulation requires a licensee to provide notice to individuals about privacy policy and practices. Also, to describe under what conditions a licensee may disclose nonpublic personal financial information to affiliates and nonaffiliated third parties. Lastly, it also provides individuals with information on how to prevent nonpublic personal financial information from being disclosed.

 

Initial Privacy Notice to Consumers Required
All licensees shall provide a clear and conspicuous notice that accurately reflects its privacy policies and practices to the customer. An individual becomes a customer once the licensee has established a customer relationship. The following exceptions apply to providing the policies and practices to the customer:
  1. The licensee does not disclose any nonpublic financial information about the customer to a nonaffiliated third party and the licensee does not yet have a customer relationship with the individual.
  2. Notice has already been given by an affiliated licensee, so long as this notice clearly identifies whom the notice applies to.
  3. When an existing customer obtains a new insurance product or service from a licensee that’s to be used primarily for personal, family or household purposes. This applies so long as, the licensee has either revised the initial notice or recently sent out an annual notice with respect to the product being obtained. 
Annual Privacy Notice to Customers Required
All licensees shall provide a clear and conspicuous notice to customers that accurately reflect its privacy policies and practices not less than annually during the continuation of the customer relationship. When referring to annually it means once within a twelve month period of time. Upon termination of the customer relationship, a licensee is not required to provide annual notice to a former customer.
 
Information to be Included in Privacy Notices
 
The initial, annual and revised privacy notices that a licensee provides shall include all the following information, in addition to any other information that the licensee wishes to provide:
  1. The categories of nonpublic personal financial information that the licensee collects.
  2. The categories of nonpublic personal financial information that the licensee discloses.
  3. The affiliated and nonaffiliated third parties to whom the licensee discloses nonpublic personal information
  4. The categories of nonpublic personal financial information about the licensee’s former customer that the licensee discloses and the categories of affiliated and nonaffiliated third parties to whom the licensee discloses information.
  5. Explanation of the customer right under section 11(A) of this regulation to opt out of the disclosure of nonpublic financial information to nonaffiliated third parties, including any methods which the customer may exercise that right.
  6. Any disclosures that the licensee makes under section 603(d)(2)(A)(iii) of the federal Fair Credit Reporting Act.
  7. The licensee’s policies and practices with respect to protecting the confidentiality and security of nonpublic personal financial information.
 
Form of Opt Out Notice to Customers and Opt out Methods 
 
If a licensee is required to provide a opt out notice under this regulation, it shall provide a clear and conspicuous notice to each of its customers that accurately explain the right to opt out. The notice shall state:
  1. The licensee discloses or reserves the right to disclose nonpublic personal financial information about its customers to a nonaffiliated third party.
  2. That the customer has the right to opt out of that disclosure.
  3. A reasonable means by which the customer may opt out.
Revised Privacy Notices
 
Except as otherwise noted in this regulation, a licensee shall not disclose any nonpublic personal financial information about the customer to a nonaffiliated third party. Unless, the nonpublic personal information was described in the initial notice by the licensee and then provided to the borrower. The exceptions to this rule are as follows:
  1. The licensee has provided to the customer a clear and conspicuous revised notice that accurately describes its policies and practices.
  2. The licensee has provided the customer with a new opt out notice.
  3. The licensee has given the customer a reasonable opportunity to opt out prior to the licensee disclosing information to the nonaffiliated third party.
  4. The customer has not already opted out.
Delivery
 
A licensee shall provide any notice that this regulation requires so that each Customer can reasonably be expected to receive actual notice in writing or, if the customer has agreed, electronically. An oral description of the notice is insufficient and not considered delivery of notice.
Limits on Sharing Account Number Information for Marketing Purposes
 
A licensee shall not disclose, other than to a consumer reporting agency, a policy number or similar form of access number or access code for a customer’s policy or transaction account to any nonaffiliated third party for use in telemarking, direct mail marketing or other marketing through electronic mail to the customer. This section also applies to any affiliated parties of the licensee.
Nondiscrimination
 
No licensee shall unfairly discriminate against any consumer or customer because that individual has opted out from the disclosure of his or her nonpublic personal financial information.
 
About the Author:
Amanda Nicholson, J.D. is Associate Counsel and Compliance Specialist at Bankers Advisory. She is a graduate of the University of Southern Maine and earned her Juris Doctor at the Massachusetts School of Law. She can be reached at amanda@bankersadvisory.com

Tags: , State Mortgage Compliance | Comments Off on Rhode Island Adopts Rule Regarding Privacy of Consumer Financial Information

  • 781-402-6415

Anna DeSimone founded Bankers Advisory in 1986 and is a nationally recognized authority in residential mortgage lending. She has received numerous industry awards and has authored more than 40 best practices guides and hundreds of articles.

Comments are closed.

Subscribe to Blog   

Residential Mortgage Compliance Monitor is an educational resource for financial institutions, providing announcements, legislative summaries, and policy changes issued by state and national regulators. Announcements also cover mortgage lending rules of HUD, Fannie Mae, Freddie Mac, and other mortgage agencies.