§ 58‑39‑26.  Federal privacy disclosure notice requirements.

(a) Disclosure Required. – In addition to the notice requirements of G.S. 58‑39‑25, an insurance institution or agent shall provide, to all applicants and policyholders no later than (i) before the initial disclosure of personal information under G.S. 58‑39‑75(11) or (ii) the time of the delivery of the insurance policy or certificate, a clear and conspicuous notice, in written or electronic form, of the insurance institution or agent's policies and practices with respect to:

(1) Disclosing nonpublic personal information to affiliates and nonaffiliated third parties, consistent with section 502 of Public Law 106‑102, including the categories of information that may be disclosed.

(2) Disclosing nonpublic personal information of persons who have ceased to be customers of the financial institution.

(3) Protecting the nonpublic personal information of consumers.

These disclosures shall be made in accordance with the regulations prescribed under section 504 of Public Law 106‑102.

(b) Information to Be Included. – The disclosure required by subsection (a) of this section shall include:

(1) The policies and practices of the insurance institution or agent with respect to disclosing nonpublic personal information to nonaffiliated third parties, other than agents of the insurance institution or agent, consistent with section 502 of Public Law 106‑102, and including:

a. The categories of persons to whom the information is or may be disclosed, other than the persons to whom the information may be provided under section 502(e) of Public Law 106‑102.

b. The policies and practices of the insurance institution or agent with respect to disclosing of nonpublic personal information of persons who have ceased to be customers of the insurance institution or agent.

(2) The categories of nonpublic personal information that are collected by the insurance institution or agent.

(3) The policies that the insurance institution or agent maintains to protect the confidentiality and security of nonpublic personal information in accordance with section 501 of Public Law 106‑102.

(4) The disclosures required, if any, under section 603(d)(2)(A) (iii) of the Fair Credit Reporting Act.

(c) In the case of a policyholder, the notice required by this section shall be provided not less than annually during the continuation of the policy. As used in this subsection, "annually" means at least once in any period of 12 consecutive months during which the policy is in effect.

(d) Exception to Annual Notice Requirement. – An insurance institution or agent is not required to provide the privacy notice annually as required under subsection (c) of this section if all of the following apply:

(1) The insurance institution or agent provides nonpublic personal information only in accordance with the provisions of sections 502(b)(2) or 502(e) of Public Law 106‑102 or regulations prescribed under section 504(b) of Public Law 106‑102.

(2) The insurance institution or agent has not changed its policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed in the most recent disclosure sent to consumers in accordance with this section.

If, at any time, subdivision (1) or (2) of this subsection no longer applies to an insurance institution or agent, then the insurance institution or agent shall be required to provide the annual privacy notice required under subsection (c) of this section. (2001‑351, s. 4; 2003‑262, s. 2(1); 2019‑179, s. 5.)