(a) Except as provided in this paragraph, to a consumer who becomes a customer of the licensee, not later than the date that the licensee establishes a continuing relationship under which the licensee provides one or more insurance products or services to the consumer that are to be used primarily for personal, family or household purposes. A licensee may provide the notice within a reasonable time after the date the licensee establishes a customer relationship if:
(A) Establishing the customer relationship is not at the customer’s election; or
(B) Providing notice not later than the date that the licensee establishes a customer relationship would substantially delay the customer’s transaction and the customer agrees to receive the notice at a later time.
(b) To a consumer other than as described in paragraph (a) of this subsection, before the licensee discloses any personal information about the consumer pursuant to the requirements of ORS 746.665, unless the disclosure meets one or more of the conditions specified in ORS 746.665.
(2)(a) Except as provided in paragraph (b) of this subsection, a licensee shall provide a clear and conspicuous notice to a customer that accurately reflects the licensee’s privacy policies and practices not less than annually during the continuation of the relationship described in subsection (1)(a) of this section. For the purpose of this subsection, a notice is given annually if the notice is given at least once in any period of 12 consecutive months during which the relationship exists. A licensee may define the period of 12 consecutive months, but the licensee must apply the period to the customer on a consistent basis.
(b) A licensee need not provide the notice described in paragraph (a) of this subsection each year if the licensee provides personal information to an unaffiliated third party only in accordance with ORS 746.665 and does not change the policies and practices related to disclosing personal information about which the licensee last notified customers in accordance with this section. If the licensee changes the licensee’s privacy policies and practices, the licensee shall notify customers in accordance with this section.
(3) The privacy notice required by subsections (1) and (2) of this section must be in writing and must be clear and conspicuous. The notice may be provided in electronic form if the recipient agrees. In addition to any other personal information the licensee wishes to provide, the notice must include the following items of personal information that apply to the licensee and to the individuals to whom the licensee sends the notice:
(a) The categories of personal information that the licensee collects.
(b) The categories of personal information that the licensee discloses.
(c) The categories of affiliates and nonaffiliated third parties to whom the licensee discloses personal information other than persons to whom the licensee discloses information under ORS 746.665.
(d) The categories of personal information about former customers of the licensee that the licensee discloses and the categories of affiliates and nonaffiliated third parties to whom the licensee discloses personal information about the licensee’s former customers, other than persons to whom the licensee discloses personal information under ORS 746.665.
(e) If a licensee discloses personal information to a nonaffiliated third party under ORS 746.665, a separate description of the categories of personal information the licensee discloses and the categories of nonaffiliated third parties with whom the licensee has contracted.
(f) An explanation of the individual’s right under ORS 746.630 to authorize disclosure of personal information, including the methods by which the individual may exercise that right.
(g) Any disclosure that the licensee makes under section 603(d)(2)(A)(iii) of the federal Fair Credit Reporting Act (15 U.S.C. 1681a(d)(2)(A)(iii)) regarding the ability to opt out of disclosures of personal information among affiliates.
(h) The policies and practices of the licensee with respect to protecting the confidentiality and security of personal information.
(i) Any disclosure that the licensee makes under subsection (4) of this section.
(j) A description of the rights established under ORS 746.640 and 746.645 and the manner in which such rights may be exercised.
(4) If a licensee discloses personal information as authorized under ORS 746.665, the licensee is not required to list those exceptions in the privacy notices required by this section. When describing the categories of parties to whom disclosure is made, the licensee shall state only that the licensee makes disclosures to other affiliated parties or nonaffiliated third parties, as applicable, as authorized by law.
(5) In lieu of the notice required in subsection (3) of this section, the licensee may provide to a consumer an abbreviated notice, in writing or in electronic form if the consumer agrees, informing the consumer that:
(a) Personal information may be collected from persons other than the consumer proposed for coverage;
(b) Such information as well as other personal or privileged information subsequently collected by the licensee may in certain circumstances be disclosed to third parties without authorization;
(c) A right of access and correction exists with respect to all personal information collected; and
(d) The licensee shall provide the notice prescribed in subsection (3) of this section to the consumer upon request.
(6) The Director of the Department of Consumer and Business Services by rule may apply the categories of consumer and customer as defined in ORS 746.600 for the purpose of establishing specific requirements for notice of personal information practices, authorization for disclosure of personal information, conditions for disclosure of personal information under this section and ORS 746.630 and 746.665, and exceptions. The director shall consider applicable definitions and terms used in the federal Gramm-Leach-Bliley Act (P.L. 106-102), applicable definitions and requirements used in the model "Privacy of Consumer Financial and Health Information Regulation" adopted by the National Association of Insurance Commissioners and other sources as may be needed so that the terms defined in ORS 746.600 and applicable to this section and ORS 746.630 and 746.665:
(a) Facilitate compliance with requirements in federal law and the laws of other states that establish protections of nonpublic personal information; and
(b) Establish separate and discrete requirements relating to the privacy notice and the contents and delivery of the privacy notice for customers and consumers, so that the requirements provide reasonable notice and facilitate compliance with requirements in federal law and in the laws of other states.
(7) The director shall determine by rule:
(a) When a privacy notice must be provided to a certificate holder or beneficiary of a group policy and to a third-party claimant.
(b) When the obligation to provide annual notice ceases.
(c) Requirements for revision of the notice by a licensee.
(8) An insurance producer is not subject to the requirements of this section when the insurer on whose behalf the insurance producer acts otherwise complies with the requirements of this section and the insurance producer does not disclose any personal information to any person other than the insurer or its affiliate, or as otherwise authorized by law.
(9) A licensee may provide a joint notice from the licensee and one or more of the licensee’s affiliates or other financial institutions, as identified in the notice, as long as the notice is accurate with respect to the licensee and the other institutions. A licensee may also provide a notice on behalf of a financial institution.
(10) The obligations imposed by this section upon a licensee may be satisfied by another licensee authorized to act on behalf of the first licensee.
(11) For purposes of this section and ORS 746.630 and 746.665, an individual is not the consumer of a licensee solely because the individual is covered under a group life insurance policy issued by the licensee or is a participant or beneficiary of an employee benefit plan that the licensee administers or sponsors or for which the licensee acts as a trustee, insurer or fiduciary, if:
(a) The licensee provides to the policyholder the initial, annual and revised notices under this section; and
(b) The licensee does not disclose to a nonaffiliated third party personal information about the individual other than as permitted by ORS 746.665.
(12) When an individual becomes a consumer of a licensee under subsection (11) of this section, this section and ORS 746.630 and 746.665 apply to the licensee with respect to the individual. [1981 c.649 §6; 2001 c.377 §26; 2003 c.87 §10; 2003 c.364 §155; 2017 c.365 §1]
Structure 2021 Oregon Revised Statutes
Volume : 18 - Financial Institutions, Insurance
Section 746.005 - Trade practices exempted from prohibitions.
Section 746.015 - Discrimination; noncompliance; hearing.
Section 746.021 - Discrimination under health benefit plans.
Section 746.045 - Prohibition on rebates; exceptions; rules.
Section 746.065 - Personal or controlled insurance.
Section 746.075 - Misrepresentation generally.
Section 746.115 - Advertisements in languages other than English.
Section 746.125 - Limitation on coverage of eye care services.
Section 746.135 - Genetic tests and information; rules.
Section 746.147 - Workers’ compensation insurance; quoting premiums.
Section 746.160 - Practices injurious to free competition.
Section 746.213 - Definitions for ORS 746.213 to 746.219.
Section 746.217 - Disclosures to customers.
Section 746.219 - Investigatory powers.
Section 746.230 - Unfair claim settlement practices.
Section 746.260 - Driving record not to be considered in issuance of motor vehicle insurance.
Section 746.265 - Purposes for which abstract of nonemployment driving record may be considered.
Section 746.275 - Definitions for ORS 746.275 to 746.300.
Section 746.285 - Notice of prohibition in motor vehicle repair shops; size; location.
Section 746.287 - Insurer requirement of installation of aftermarket crash part in vehicle.
Section 746.289 - Insurer offer of crash part warranty.
Section 746.290 - Notice of prohibition in policies and by adjusters.
Section 746.292 - Motor vehicle repair shops; invoices; estimates; warranties; prohibited practices.
Section 746.300 - Liability of insurers and motor vehicle repair shops for damages; attorney fees.
Section 746.308 - Violation of provisions regarding totaled vehicles as violation of Insurance Code.
Section 746.360 - Exceptions to application of unauthorized insurer service of process law.
Section 746.405 - Definitions for ORS 746.405 to 746.530.
Section 746.425 - Applicability of ORS 746.405 to 746.530.
Section 746.465 - Records required of premium finance companies; form; inspection.
Section 746.475 - Premium finance agreements; contents; form; delivery; notice to insurer.
Section 746.495 - Delinquency charges regulated.
Section 746.515 - Return of unearned premiums on cancellation.
Section 746.600 - Definitions for ORS 746.600 to 746.690.
Section 746.606 - Information privacy standards for health insurers.
Section 746.607 - Use and disclosure of personal information.
Section 746.610 - Application of ORS 746.600 to 746.690.
Section 746.611 - Personal representative of deceased person.
Section 746.620 - Notice of insurance information practices; exceptions; rules.
Section 746.630 - Authorization for disclosure of certain information; forms; revocation.
Section 746.632 - Genetic information used for treatment; authorization; disclosure.
Section 746.635 - Investigative consumer reports.
Section 746.640 - Access to recorded personal information.
Section 746.645 - Correction, amendment or deletion of recorded personal information.
Section 746.650 - Reasons for adverse underwriting decisions.
Section 746.660 - Basing adverse underwriting decision on previous adverse decision.
Section 746.661 - Use of credit history or insurance score.
Section 746.662 - Filing of insurance scoring models.
Section 746.665 - Limitations and conditions on disclosure of certain information.
Section 746.670 - Investigatory powers.
Section 746.687 - Cancellation of homeowner insurance policy.
Section 746.688 - Use of loss history reports; notice to consumer.