4053. (a) (1) A financial institution shall not disclose to, or
share a consumer's nonpublic personal information with, any
nonaffiliated third party as prohibited by Section 4052.5, unless the
financial institution has obtained a consent acknowledgment from the
consumer that complies with paragraph (2) that authorizes the
financial institution to disclose or share the nonpublic personal
information. Nothing in this section shall prohibit or otherwise
apply to the disclosure of nonpublic personal information as allowed
in Section 4056. A financial institution shall not discriminate
against or deny an otherwise qualified consumer a financial product
or a financial service because the consumer has not provided consent
pursuant to this subdivision and Section 4052.5 to authorize the
financial institution to disclose or share nonpublic personal
information pertaining to him or her with any nonaffiliated third
party. Nothing in this section shall prohibit a financial institution
from denying a consumer a financial product or service if the
financial institution could not provide the product or service to a
consumer without the consent to disclose the consumer's nonpublic
personal information required by this subdivision and Section 4052.5,
and the consumer has failed to provide consent. A financial
institution shall not be liable for failing to offer products and
services to a consumer solely because that consumer has failed to
provide consent pursuant to this subdivision and Section 4052.5 and
the financial institution could not offer the product or service
without the consent to disclose the consumer's nonpublic personal
information required by this subdivision and Section 4052.5, and the
consumer has failed to provide consent. Nothing in this section is
intended to prohibit a financial institution from offering incentives
or discounts to elicit a specific response to the notice.
(2) A financial institution shall utilize a form, statement, or
writing to obtain consent to disclose nonpublic personal information
to nonaffiliated third parties as required by Section 4052.5 and this
subdivision. The form, statement, or writing shall meet all of the
following criteria:
(A) The form, statement, or writing is a separate document, not
attached to any other document.
(B) The form, statement, or writing is dated and signed by the
consumer.
(C) The form, statement, or writing clearly and conspicuously
discloses that by signing, the consumer is consenting to the
disclosure to nonaffiliated third parties of nonpublic personal
information pertaining to the consumer.
(D) The form, statement, or writing clearly and conspicuously
discloses (i) that the consent will remain in effect until revoked or
modified by the consumer; (ii) that the consumer may revoke the
consent at any time; and (iii) the procedure for the consumer to
revoke consent.
(E) The form, statement, or writing clearly and conspicuously
informs the consumer that (i) the financial institution will maintain
the document or a true and correct copy; (ii) the consumer is
entitled to a copy of the document upon request; and (iii) the
consumer may want to make a copy of the document for the consumer's
records.
(b) (1) A financial institution shall not disclose to, or share a
consumer's nonpublic personal information with, an affiliate unless
the financial institution has clearly and conspicuously notified the
consumer annually in writing pursuant to subdivision (d) that the
nonpublic personal information may be disclosed to an affiliate of
the financial institution and the consumer has not directed that the
nonpublic personal information not be disclosed. A financial
institution does not disclose information to, or share information
with, its affiliate merely because information is maintained in
common information systems or databases, and employees of the
financial institution and its affiliate have access to those common
information systems or databases, or a consumer accesses a Web site
jointly operated or maintained under a common name by or on behalf of
the financial institution and its affiliate, provided that where a
consumer has exercised his or her right to prohibit disclosure
pursuant to this division, nonpublic personal information is not
further disclosed or used by an affiliate except as permitted by this
division.
(2) Subdivision (a) shall not prohibit the release of nonpublic
personal information by a financial institution with whom the
consumer has a relationship to a nonaffiliated financial institution
for purposes of jointly offering a financial product or financial
service pursuant to a written agreement with the financial
institution that receives the nonpublic personal information provided
that all of the following requirements are met:
(A) The financial product or service offered is a product or
service of, and is provided by, at least one of the financial
institutions that is a party to the written agreement.
(B) The financial product or service is jointly offered, endorsed,
or sponsored, and clearly and conspicuously identifies for the
consumer the financial institutions that disclose and receive the
disclosed nonpublic personal information.
(C) The written agreement provides that the financial institution
that receives that nonpublic personal information is required to
maintain the confidentiality of the information and is prohibited
from disclosing or using the information other than to carry out the
joint offering or servicing of a financial product or financial
service that is the subject of the written agreement.
(D) The financial institution that releases the nonpublic personal
information has complied with subdivision (d) and the consumer has
not directed that the nonpublic personal information not be
disclosed.
(E) Notwithstanding this section, until January 1, 2005, a
financial institution may disclose nonpublic personal information to
a nonaffiliated financial institution pursuant to a preexisting
contract with the nonaffiliated financial institution, for purposes
of offering a financial product or financial service, if that
contract was entered into on or before January 1, 2004. Beginning on
January 1, 2005, no nonpublic personal information may be disclosed
pursuant to that contract unless all the requirements of this
subdivision are met.
(3) Nothing in this subdivision shall prohibit a financial
institution from disclosing or sharing nonpublic personal information
as otherwise specifically permitted by this division.
(4) A financial institution shall not discriminate against or deny
an otherwise qualified consumer a financial product or a financial
service because the consumer has directed pursuant to this
subdivision that nonpublic personal information pertaining to him or
her not be disclosed. A financial institution shall not be required
to offer or provide products or services offered through affiliated
entities or jointly with nonaffiliated financial institutions
pursuant to paragraph (2) where the consumer has directed that
nonpublic personal information not be disclosed pursuant to this
subdivision and the financial institution could not offer or provide
the products or services to the consumer without disclosure of the
consumer's nonpublic personal information that the consumer has
directed not be disclosed pursuant to this subdivision. A financial
institution shall not be liable for failing to offer or provide
products or services offered through affiliated entities or jointly
with nonaffiliated financial institutions pursuant to paragraph (2)
solely because the consumer has directed that nonpublic personal
information not be disclosed pursuant to this subdivision and the
financial institution could not offer or provide the products or
services to the consumer without disclosure of the consumer's
nonpublic personal information that the consumer has directed not be
disclosed to affiliates pursuant to this subdivision. Nothing in this
section is intended to prohibit a financial institution from
offering incentives or discounts to elicit a specific response to the
notice set forth in this division. Nothing in this section shall
prohibit the disclosure of nonpublic personal information allowed by
Section 4056.
(5) The financial institution may, at its option, choose instead
to comply with the requirements of subdivision (a).
(c) Nothing in this division shall restrict or prohibit the
sharing of nonpublic personal information between a financial
institution and its wholly owned financial institution subsidiaries;
among financial institutions that are each wholly owned by the same
financial institution; among financial institutions that are wholly
owned by the same holding company; or among the insurance and
management entities of a single insurance holding company system
consisting of one or more reciprocal insurance exchanges which has a
single corporation or its wholly owned subsidiaries providing
management services to the reciprocal insurance exchanges, provided
that in each case all of the following requirements are met:
(1) The financial institution disclosing the nonpublic personal
information and the financial institution receiving it are regulated
by the same functional regulator; provided, however, that for
purposes of this subdivision, financial institutions regulated by the
Office of the Comptroller of the Currency, Office of Thrift
Supervision, National Credit Union Administration, or a state
regulator of depository institutions shall be deemed to be regulated
by the same functional regulator; financial institutions regulated by
the Securities and Exchange Commission, the United States Department
of Labor, or a state securities regulator shall be deemed to be
regulated by the same functional regulator; and insurers admitted in
this state to transact insurance and licensed to write insurance
policies shall be deemed to be in compliance with this paragraph.
(2) The financial institution disclosing the nonpublic personal
information and the financial institution receiving it are both
principally engaged in the same line of business. For purposes of
this subdivision, "same line of business" shall be one and only one
of the following:
(A) Insurance.
(B) Banking.
(C) Securities.
(3) The financial institution disclosing the nonpublic personal
information and the financial institution receiving it share a common
brand, excluding a brand consisting solely of a graphic element or
symbol, within their trademark, service mark, or trade name, which is
used to identify the source of the products and services provided.
A wholly owned subsidiary shall include a subsidiary wholly owned
directly or wholly owned indirectly in a chain of wholly owned
subsidiaries.
Nothing in this subdivision shall permit the disclosure by a
financial institution of medical record information, as defined in
Section 791.02 of the Insurance Code, except in compliance with the
requirements of this division, including the requirements set forth
in subdivisions (a) and (b).
(d) (1) A financial institution shall be conclusively presumed to
have satisfied the notice requirements of subdivision (b) if it uses
the form set forth in this subdivision. The form set forth in this
subdivision or a form that complies with subparagraphs (A) to (L),
inclusive, of this paragraph shall be sent by the financial
institution to the consumer so that the consumer may make a decision
and provide direction to the financial institution regarding the
sharing of his or her nonpublic personal information. If a financial
institution does not use the form set forth in this subdivision, the
financial institution shall use a form that meets all of the
following requirements:
(A) The form uses the same title ("IMPORTANT PRIVACY CHOICES FOR
CONSUMERS") and the headers, if applicable, as follows: "Restrict
Information Sharing With Companies We Own Or Control (Affiliates)"
and "Restrict Information Sharing With Other Companies We Do Business
With To Provide Financial Products And Services."
(B) The titles and headers in the form are clearly and
conspicuously displayed, and no text in the form is smaller than
10-point type.
(C) The form is a separate document, except as provided by
subparagraph (D) of paragraph (2), and Sections 4054 and 4058.7.
(D) The choice or choices pursuant to subdivision (b) and Section
4054.6, if applicable, provided in the form are stated separately and
may be selected by checking a box.
(E) The form is designed to call attention to the nature and
significance of the information in the document.
(F) The form presents information in clear and concise sentences,
paragraphs, and sections.
(G) The form uses short explanatory sentences (an average of 15-20
words) or bullet lists whenever possible.
(H) The form avoids multiple negatives, legal terminology, and
highly technical terminology whenever possible.
(I) The form avoids explanations that are imprecise and readily
subject to different interpretations.
(J) The form achieves a minimum Flesch reading ease score of 50,
as defined in Section 2689.4(a)(7) of Title 10 of the California Code
of Regulations, in effect on March 24, 2003, except that the
information in the form included to comply with subparagraph (A)
shall not be included in the calculation of the Flesch reading ease
score, and the information used to describe the choice or choices
pursuant to subparagraph (D) shall score no lower than the
information describing the comparable choice or choices set forth in
the form in this subdivision.
(K) The form provides wide margins, ample line spacing and uses
boldface or italics for key words.
(L) The form is not more than one page.
(2) (A) None of the instructional items appearing in brackets in
the form set forth in this subdivision shall appear in the form
provided to the consumer, as those items are for explanation purposes
only. If a financial institution does not disclose or share
nonpublic personal information as described in a header of the form,
the financial institution may omit the applicable header or headers,
and the accompanying information and box, in the form it provides
pursuant to this subdivision. The form with those omissions shall be
conclusively presumed to satisfy the notice requirements of this
subdivision.