Depends on the products the non-affiliate is selling. Are they really marketed as a joint product/service and is there a formal agreement in place.
J.4. I am a bank. I have a financial advisory center on my premises that is operated by people employed both by me and by an insurance company. The shared employees do not sell bank products. They sell insurance products and services offered by the insurance company pursuant to a third-party arrangement. We provide the employees with information about our customers so that they may solicit our customers on behalf of the insurance company. Do we have to provide our customers with an opportunity to opt out of these disclosures?
You must provide a reasonable opportunity for your customers to opt out of any disclosure of their nonpublic personal information to a nonaffiliated third party unless one of the exceptions applies. Although a dual employee himself or herself is not a “nonaffiliated third party,†providing customer information to a dual employee for purposes of marketing the insurance company’s products and services to your customers is deemed to be providing the information directly to the insurance company. Because the insurance company is a nonaffiliated third party, you must provide your customers a reasonable opportunity to optout of disclosure of their nonpublic personal information prior to disclosing such information to the dual employees unless the disclosure is covered by an exception.
The exception at § 216.13 specifically permits you to disclose nonpublic personal information about your customer to the nonaffiliated insurance company without providing the customer an opportunity to opt out if three requirements are met:
• The insurance company must market financial products or services offered under a joint agreement between you and the insurance company. The joint agreement must be a written agreement under which you and the insurance company “jointly offer, endorse, or sponsor†a financial product or service. Simply agreeing to share customer information with the insurance company would not satisfy this contractual requirement. Rather, your agreement with the insurance company must provide for the joint offering, endorsement, or sponsorship of the financial product or service. For example, a third party agreement that provides the insurance company will use your name in its marketing materials or offer insurance products and services on your premises would
demonstrate that you are jointly offering, endorsing, or sponsoring the products or services with the insurance company;
• You must have provided your customers with an initial privacy notice, including a separate statement describing your joint marketing that satisfies § 216.6(a)(5); and
• You must have a written contract that restricts the insurance company from disclosing or using your customer’s nonpublic personal information for any purpose other than to offer insurance products and services to those customers.
In addition to the foregoing requirements, the prohibition against disclosing a consumer’s account number for use in telemarketing, direct mail marketing, or other marketing through electronic mail, as set forth in § 216.12, applies to your arrangement with the insurance company.
_________________________
The opinions expressed here should not be construed to be those of my employer:
PPDocs.com