Information to be included in privacy notices – Wis. Admin. Code Ins §25-15

Information to be included in privacy notices

This law states what information needs to be included in privacy notices that insurers are required to send to their customers:

• Categories of nonpublic personal financial information that the insurer collects – information from the consumer, about his/her transactions with the insurer or third parties, and information from a consumer reporting agency
• Categories of nonpublic financial information that the insurer discloses –

o   To satisfy this requirement, the insurer has to categorize the information according to source and provide examples as necessary to illustrate what type of information is included in the category

o   Insurers cannot use general terms to describe the category

o   If an insurer wants to reserve the right to disclose all nonpublic financial information of its customers, then the insurer can clearly state that without referring to categories

• Categories of affiliates and other third parties to whom the insurer discloses this nonpublic personal financial information

o   To satisfy this disclosure requirement, the insurer has to identify the type of business that the insurer and the third party are involved in

o   The law allows an insurer to define the type of business in general terms as long as the insurer gives one example

• Categories of nonpublic personal financial information about insurer's former customers that the insurer discloses, and the categories of affiliates and other third parties to whom the insurer discloses this information about their former customers

o   The above rules apply with respect to how detailed the categories have to be

• In case the insurer discloses nonpublic financial information to third-parties that the insurer is not affiliated with, then the insurer must provide a separate description of the categories of information that the insurer discloses and the categories of third parties that the insurer has contracts with to that effect
• Explanation that a customer can choose to opt out of disclosure of this nonpublic personal financial information to nonaffiliated third parties
• Notice of any information disclosed by the insurer under federal Fair Credit Reporting Act
• The insurer's policies and practices with respect to confidentiality and security of the consumer's nonpublic personal financial information

The law exempts insurers from notifying their consumers of disclosure in certain circumstances, including but not limited to:  servicing an insurance product, maintaining a customer’s account with an insurer, during secondary market sale, for purposes of reinsurance, when the customer has consented to the disclosure, to protect against fraud, to people holding a legal interest relating to the customer, to persons acting on behalf of the consumer in a fiduciary capacity.

The law allows those insurers who do not disclose information about customers to third parties except as otherwise authorized by the law to give their customers a simplified notice.  The law also specifies how an insurer is required to give notice about their policies with respect to protecting confidentiality by asking insurers to notify the customers about who has authorization to have access and describing their security practices.  The law further sets forth the abbreviated notice requirements with respect to the insurer's non-customers.