Code of Virginia
Chapter 6 - Insurance Information and Privacy Protection
§ 38.2-612.1. Special requirements for providing financial information to nonaffiliated third parties

A. Except as otherwise provided in § 38.2-613, no insurance institution, agent, or insurance-support organization may, directly or through an affiliate, disclose to a nonaffiliated third party financial information about an individual collected or received in connection with an insurance transaction, unless:
1. The individual has been given a clear and conspicuous notice in writing, or in electronic form if the individual agrees, stating that such financial information may be disclosed to such nonaffiliated third party;
2. The individual is given an opportunity, before such financial information is initially disclosed, to direct that such information not be disclosed, and in no case shall the individual be given less than 30 days from the date of notice to direct that such information not be disclosed;
3. The individual is given a reasonable means by which to exercise the right to direct that such information not be disclosed as well as an explanation that such right may be exercised at any time and that such right remains effective until revoked by the individual; and
4. The nonaffiliated third party agrees not to disclose such financial information to any other person unless such disclosure would otherwise be permitted by this article if made by the insurance institution, agent, or insurance-support organization.
B. 1. No insurance institution, agent, or insurance-support organization may disclose to a nonaffiliated third party, directly or through an affiliate, other than to a consumer reporting agency, a policy number or similar form of access number or transaction account of a policyholder or applicant for use in telemarketing, direct mail marketing or other marketing through electronic mail to an applicant or policyholder, other than to:
a. An agent or other person solely for the purpose of marketing the insurance institution's own products or services as long as the agent or other person is not authorized to directly initiate charges to the account; or
b. A participant in a private label credit card program or an affinity or similar program where the participants in the program are identified to the policyholder or applicant at the time the policyholder or applicant enters the program.
2. A policy or transaction account shall not include an account to which third parties cannot initiate charges.
C. No insurance institution or agent shall unfairly discriminate against an individual because (i) the individual has directed that his personal information not be disclosed pursuant to subsection A or (ii) the individual has refused to grant authorization of the disclosure of his privileged information or medical record information by an insurance institution, agent or insurance support organization pursuant to subsection A of § 38.2-613.
D. The requirements of subsection A may be satisfied by providing a single notice if two or more applicants or policyholders jointly obtain or apply for an insurance product. Such notice shall allow one applicant or policyholder to direct that financial information not be disclosed to nonaffiliated third parties on behalf of all of the joint applicants or policyholders, provided that each applicant or policyholder may separately direct that his financial information not be disclosed to nonaffiliated third parties.
E. An insurance agent shall not be subject to the requirements of subsection A in any instance where the insurance institution on whose behalf the agent is acting otherwise complies with the requirements contained herein, and the agent does not disclose any financial information to any person other than the insurance institution or its affiliates, or as permitted by § 38.2-613.
F. An insurance agent seeking to place coverage on behalf of a current policyholder shall be deemed to be in compliance with the requirements of this section in any instance where the agent has provided the notice required by this section within the previous 12 months.
2001, c. 371; 2003, c. 266; 2020, c. 264.

Structure Code of Virginia

Code of Virginia

Title 38.2 - Insurance

Chapter 6 - Insurance Information and Privacy Protection

§ 38.2-600. Purposes

§ 38.2-601. Application of article

§ 38.2-602. Definitions

§ 38.2-603. Pretext interviews

§ 38.2-604. Notice of information collection and disclosure practices

§ 38.2-604.1. Notice of financial information collection and disclosure practices

§ 38.2-605. Marketing and research surveys

§ 38.2-606. Content of disclosure authorization forms

§ 38.2-607. Investigative consumer reports

§ 38.2-608. Access to recorded personal information

§ 38.2-609. Correction, amendment, or deletion of recorded personal information

§ 38.2-610. Notice of adverse underwriting decision; furnishing reasons for decisions and sources of information

§ 38.2-611. Information concerning previous adverse underwriting decisions

§ 38.2-612. Bases for adverse underwriting decisions

§ 38.2-612.1. Special requirements for providing financial information to nonaffiliated third parties

§ 38.2-612.2. Protection of the Fair Credit Reporting Act

§ 38.2-613. Disclosure limitations and conditions

§ 38.2-613.01. Commission to promulgate regulations on disclosure of certain medical test results to insurance applicants

§ 38.2-613.1. Disclosure of agent's moratorium required

§ 38.2-613.2. Repealed

§ 38.2-614. Powers of Commission

§ 38.2-615. Hearings and procedures

§ 38.2-616. Service of process on insurance-support organizations

§ 38.2-617. Individual remedies

§ 38.2-618. Immunity of persons disclosing information

§ 38.2-619. Obtaining information under false pretenses

§ 38.2-620. Repealed

§ 38.2-621. Definitions

§ 38.2-622. Private cause of action; neither created nor curtailed

§ 38.2-623. Information security program

§ 38.2-624. Investigation of a cybersecurity event

§ 38.2-625. Notice to Commissioner

§ 38.2-626. Notice to consumers

§ 38.2-627. Powers and duties of the Commission; exclusive state standards

§ 38.2-628. Confidentiality

§ 38.2-629. Exceptions