Section R590-206-13 - Limits on Reusing Nonpublic Personal Financial Information(1)(a) If a licensee receives nonpublic personal financial information from a nonaffiliated financial institution under an exception in Section R590-206-16 or R590-206-17, disclosure and use of that information is limited as follows: (i) a licensee may disclose the information to an affiliate of the financial institution from which the licensee received the information;(ii) a licensee may disclose the information to its affiliate, but the affiliate may disclose and use the information only to the extent that the licensee may disclose and use the information; and(iii) a licensee may disclose and use the information in the ordinary course of business to carry out the activity covered by the exception under which the licensee received the information.(b) If a licensee receives information from a nonaffiliated financial institution for claims settlement purposes, the licensee may disclose the information for fraud prevention, or in response to a properly authorized subpoena.(c) A licensee may not disclose information to a third party for marketing purposes or use the information for its own marketing purposes.(2)(a) If a licensee receives nonpublic personal financial information from a nonaffiliated financial institution other than under an exception in Section R590-206-16 or R590-206-17, the licensee may disclose the information: (i) to an affiliate of the financial institution from which the licensee received the information;(ii) to its affiliate, but its affiliate may disclose the information only to the extent the licensee may disclose the information; and(iii) to any other person, if the disclosure is lawful if made directly to that person by the financial institution from which the licensee received the information.(b) If a licensee obtains a customer list from a nonaffiliated financial institution outside of the exceptions in Sections R590-206-16 and R590-206-17, a licensee may: (i) use the list for its own purposes; and(ii) disclose the list to a nonaffiliated third party if the financial institution from which the licensee purchased the list could have lawfully disclosed the list to that third party.(3) If a licensee discloses nonpublic personal financial information to a nonaffiliated third party under an exception in Section R590-206-16 or R590-206-17, the third party may disclose and use the information as follows: (a) to an affiliate of the licensee;(b) to its affiliate, but its affiliate may disclose and use the information only to the extent that the third party may disclose and use the information; and(c) in the ordinary course of business to carry out the activity covered by the exception under which it received the information.(4) If a licensee discloses nonpublic personal financial information to a nonaffiliated third party other than under an exception in Section R590-206-16 or R590-206-17, the third party may disclose the information: (a) to an affiliate of the licensee;(b) to its affiliate, but its affiliate may disclose the information only to the extent the third party may disclose the information; and(c) to any other person, if the disclosure would be lawful if the licensee made it directly to that person.Utah Admin. Code R590-206-13
Amended by Utah State Bulletin Number 2017-15, effective 7/11/2017Adopted by Utah State Bulletin Number 2023-23, effective 11/21/2023