Register February 2018 No. 746
Chapter Ins 25
PRIVACY OF CONSUMER FINANCIAL AND HEALTH INFORMATION
Subchapter I — General Provisions
Ins 25.02 Purpose and scope.
Ins 25.03 Rule of construction.
Subchapter II — Privacy and Opt-Out Notices for Financial Information
Ins 25.10 Initial privacy notice to consumers required.
Ins 25.13 Annual privacy notice to customers required.
Ins 25.15 Information to be included in privacy notices.
Ins 25.17 Form of opt out notice to consumers and opt out methods.
Ins 25.20 Revised privacy notices.
Subchapter III — Limits on Disclosures of Financial Information
Ins 25.30 Limits on disclosure of nonpublic personal financial information to nonaffiliated third parties.
Ins 25.35 Limits on re-disclosure and reuse of nonpublic personal financial information.
Ins 25.40 Limits on sharing account number information for marketing purposes.
Subchapter IV — Exceptions to Limits on Disclosure of Financial Information
Ins 25.50 Exception to opt out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing.
Ins 25.55 Exceptions to notice and opt out requirements for disclosure of nonpublic personal financial information for processing and servicing transactions.
Ins 25.60 Other exceptions to notice and opt out requirements for disclosure of nonpublic personal financial information.
Subchapter V — Health Information
Ins 25.70 When authorization required for disclosure of nonpublic personal health information.
Ins 25.73 Authorizations.
Ins 25.75 Authorization request delivery.
Ins 25.77 Relationship to federal rules.
Ins 25.80 Insurers and agents compliance with s.
610.70, Stats.
Subchapter VI — Additional Provisions
Ins 25.90 Nondiscrimination.
Ins 25.95 Effective date.
Ins 25.01 History
History: Cr.
Register, June, 2001, No. 546, eff. 7-1-01.
Ins 25.02(1)
(1)
Purposes. This chapter governs the treatment of nonpublic personal health information and nonpublic personal financial information about individuals by all licensees of the office of the commissioner of insurance except to the extent that a licensee is excepted from a provision of this chapter. This chapter does all of the following:
Ins 25.02(1)(a)
(a) It requires a licensee to provide notice to individuals about its privacy policies and practices.
Ins 25.02(1)(b)
(b) It describes the conditions under which a licensee may disclose nonpublic personal health information and nonpublic personal financial information about individuals to affiliates and nonaffiliated third parties.
Ins 25.02(1)(c)
(c) It provides methods for individuals to prevent a licensee from disclosing that information.
Ins 25.02(2)(a)
(a) Nonpublic personal financial information about individuals who obtain or are beneficiaries of products or services primarily for personal, family or household purposes from licensees, about individuals who are beneficiaries under group health plans and claimants under workers' compensation policies, and about individuals who are third-party claimants against products or services obtained for
business, commercial or agricultural purposes. This chapter does not apply to information about companies or about individuals who obtain products or services for business, commercial or agricultural purposes; and
Ins 25.02(2)(b)
(b) All nonpublic personal health information about individuals who obtain or are beneficiaries of products or services primarily for personal, family or household purposes from licensees, about individuals who are beneficiaries under group health plans and claimants under workers' compensation policies, and about individuals who are third-party claimants against products or services obtained for business, commercial or agricultural purposes, except to the extent the information is subject to s.
51.30,
146.81 to
146.84 or
610.70, Stats.
Ins 25.02(3)
(3) Extra-territorial application. A licensee domiciled in this state that is in compliance with this chapter in a state that has not enacted laws or regulations that meet the requirements of Title V of the Gramm-Leach-Bliley Act (PL
102-106) is in compliance with Title V of the Gramm-Leach-Bliley Act in such other state.
Ins 25.02 History
History: Cr.
Register, June, 2001, No. 546, eff. 7-1-01.
Ins 25.03
Ins 25.03 Rule of construction. The examples in this chapter and the sample clauses in Appendix A of this chapter are not exclusive. Compliance with an example or use of a sample clause, to the extent applicable, constitutes compliance with this chapter.
Ins 25.03 History
History: Cr.
Register, June, 2001, No. 546, eff. 7-1-01.
Ins 25.04
Ins 25.04 Definitions. As used in this chapter, unless the context requires otherwise:
Ins 25.04(1)
(1) “Affiliate" means any company that controls, is controlled by or is under common control with another company.
Ins 25.04(2)(a)(a) “Clear and conspicuous" means that a notice is reasonably understandable and designed to call attention to the nature and significance of the information in the notice.
Ins 25.04(2)(b)
(b) The following are examples of the application of “clear and conspicuous:"
Ins 25.04(2)(b)1.
1. `Reasonably understandable.' A licensee makes its notice reasonably understandable if it does all of the following:
Ins 25.04(2)(b)1.a.
a. Presents the information in the notice in clear, concise sentences, paragraphs, and sections.
Ins 25.04(2)(b)1.c.
c. Uses definite, concrete, everyday words and active voice whenever possible.
Ins 25.04(2)(b)1.e.
e. Avoids legal and highly technical business terminology whenever possible.
Ins 25.04(2)(b)1.f.
f. Avoids explanations that are imprecise and readily subject to different interpretations.
Ins 25.04(2)(b)2.
2. `Designed to call attention.' A licensee designs its notice to call attention to the nature and significance of the information in it if the licensee does all of the following:
Ins 25.04(2)(b)2.e.
e. In a form that combines the licensee's notice with other information, uses distinctive type size, style, and graphic devices, such as shading or sidebars.
Ins 25.04(2)(b)3.
3. `Notices on web sites.' If a licensee provides a notice on a web page, the licensee designs its notice to call attention to the nature and significance of the information in it if the licensee uses text or visual cues to encourage scrolling down the page if necessary to view the entire notice and ensures that other elements on the web site, such as text, graphics, hyperlinks or sound, do not distract attention from the notice, and the licensee does any of the following:
Ins 25.04(2)(b)3.a.
a. Places the notice on a screen that consumers frequently access, such as a page on which transactions are conducted.
Ins 25.04(2)(b)3.b.
b. Places a link on a screen that consumers frequently access, such as a page on which transactions are conducted, that connects directly to the notice and is labeled appropriately to convey the importance, nature and relevance of the notice.
Ins 25.04(3)
(3) “Collect" means to obtain information that the licensee organizes or can retrieve by the name of an individual or by identifying number, symbol or other identifying particular assigned to the individual, irrespective of the source of the underlying information.
Ins 25.04(4)
(4) “Commissioner" means the commissioner of insurance.
Ins 25.04(5)
(5) “Company" means a corporation, limited liability company, business trust, general or limited partnership, association, sole proprietorship or similar organization.
Ins 25.04(6)(a)(a) “Consumer" means an individual about whom a licensee has nonpublic personal information, who:
Ins 25.04(6)(a)1.
1. Seeks to obtain, obtains or has obtained an insurance product or service from a licensee that is to be used primarily for personal, family or household purposes;