Code of Virginia
Chapter 6 - Insurance Information and Privacy Protection
§ 38.2-604.1. Notice of financial information collection and disclosure practices

A. An insurance institution or agent shall provide clear and conspicuous notice of financial information collection and disclosure practices in connection with insurance transactions as required by subsection B of this section:
1. To an applicant before any financial information is disclosed about that applicant to any nonaffiliated third party, if the disclosure is made other than as permitted under § 38.2-613. For purposes of this subdivision, a notice provided to an employer benefit plan sponsor, group or blanket insurance contract holder, or group annuity contract holder shall satisfy the notice requirements of this subdivision for applicants of such plan, policy, or annuity, provided the insurance institution or agent does not disclose the financial information of those applicants to a nonaffiliated third party, other than as permitted under § 38.2-613;
2. To a policyholder no later than delivery or issuance of the policy or any other evidence of coverage, or at the later of these events. For purposes of this subdivision, a notice provided to an employee benefit plan sponsor, group or blanket insurance contract holder, or group annuity contract holder shall satisfy the notice requirements of this subdivision for persons covered under such plans, policies, or annuities, provided the insurance institution or agent does not disclose the financial information of those persons to a nonaffiliated third party, other than as permitted under § 38.2-613; and
3. To a policyholder, other than a policyholder of a title insurance policy, not less than once in each calendar year. A notice provided to the sponsor of an employee benefit plan or the owner of a group or blanket insurance policy or group annuity contract shall satisfy the notice requirements of this subdivision for persons covered under such plan, policy or contract. For purposes of this subdivision only, "policyholder" does not include a person who owns a policy that is lapsed, expired or otherwise inactive or dormant under the insurance institution's business practices, and with whom the insurance institution has not communicated about the relationship for a period of 12 consecutive months, other than annual privacy notices, material required by law or regulation, communication at the direction of a state or federal authority, or promotional materials. An insurance institution or agent that provides nonpublic personal information to nonaffiliated third parties only in accordance with § 38.2-613 and has not changed its policies and practices with regard to disclosing nonpublic financial information from the policies and practices that were disclosed in the most recent notice sent to the policyholder in accordance with this section shall not be required to provide an annual notice under this section until such time as the licensee does not comply with any criteria described in this subdivision.
B. Any notice required by subsection A of this section shall be in writing or, if the applicant or policyholder agrees, in electronic format, and shall state:
1. The types of financial information that may be collected;
2. The types of financial information that may be disclosed;
3. The categories of persons to whom financial information may be disclosed; however, when disclosures are made pursuant to subsection B of § 38.2-613, the notice is only required to state that disclosures may be made without prior authorization as permitted by law;
4. If financial information is disclosed pursuant to subdivision C 1 of § 38.2-613, the types of financial information that may be disclosed and the categories of nonaffiliated third parties to whom financial information may be disclosed by contractual agreement;
5. An explanation of the right to direct that financial information not be disclosed to nonaffiliated third parties as provided in § 38.2-612.1, provided that this explanation shall not be required to be given when information is disclosed pursuant to the provisions of § 38.2-613;
6. A description of the policies and practices for protecting the confidentiality and security of financial information;
7. The disclosure required, if any, under Section 603 (d)(2)(A)(iii) of the federal Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.) pertaining to the notices regarding the ability to opt out of disclosure of information among affiliates; and
8. A description of the types of financial information about former policyholders that may be disclosed and a description of the types of affiliates and nonaffiliated third parties to whom financial information about former policyholders may be disclosed; however, when disclosures are made pursuant to subsection B of § 38.2-613, the notice is only required to state that disclosures may be made without prior authorization as permitted by law.
C. An insurance institution or agent that does not disclose, and does not wish to reserve the right to disclose, financial information about policyholders or former policyholders to affiliates or nonaffiliated third parties except as authorized in subsection B of § 38.2-613 may satisfy the requirements of this section by providing a notice, as set forth in subdivisions A 2 and A 3 of this section, that:
1. States the foregoing information regarding such insurance institution or agent;
2. Includes the information described in subdivisions B 1 and B 6 of this section; and
3. States that the insurance institution or agent makes disclosures to other affiliated or nonaffiliated third parties, as applicable, as permitted by law.
D. An insurance institution or agent may satisfy the notice requirements of subdivision A 1 of this section by providing a short form notice at the same time that the insurance institution or agent delivers an opt out notice as required by § 38.2-612.1. Such a short form notice shall: (i) be clear and conspicuous; (ii) state that the notice prescribed in subsection B of this section is available upon request; (iii) explain a reasonable means by which the applicant may obtain that notice; and (iv) be in writing or, if the applicant agrees, in electronic format. The insurance institution or agent is not required to deliver the notice prescribed in subsection B of this section with its short form notice, provided the insurance institution or agent provides the applicant with a reasonable means to obtain such notice.
E. The obligations imposed by this section upon an insurance institution or agent may be satisfied by another insurance institution or agent authorized to act on its behalf. An insurance institution may provide a joint notice from the insurance institution and one or more of its affiliates or other financial institutions, as identified in the notice, if the notice is accurate with respect to the insurance institution and the other institutions.
F. An insurance institution or agent, prior to disclosing financial information to a nonaffiliated third party other than as described in the notice prescribed in subsection B of this section, shall send a revised notice that accurately describes its information collection and disclosure practices. Such notice shall comply with the provisions of subsection B of this section.
G. An insurance institution or agent may satisfy the notice requirements of § 38.2-604 and this section through the use of separate notices or a combined notice.
H. An insurance agent shall not be subject to the requirements of this section in any instance where the insurance institution on whose behalf the agent is acting otherwise complies with the requirements contained herein, and the agent does not disclose any financial information to any person other than the insurance institution or its affiliates, or as permitted by § 38.2-613.
I. An insurance agent seeking to place coverage on behalf of a current policyholder shall be deemed to be in compliance with the requirements of this section in any instance where the agent has provided the notice required by this section within the previous 12 months.
2001, c. 371; 2002, c. 76; 2003, c. 266; 2017, c. 648.
