58-39-1. Short titles. This Article may be cited as the Consumer and Customer Information Privacy Act. Part 1 of this Article may be cited as the Insurance Information and Privacy Protection Act. Part 3 of this Article may be cited as the Customer Information Safeguards Act. (1981, c. 846, s. 1; 2003-262, s. 3.)
58-39-10. Scope. (a) The obligations imposed by this Article shall apply to those insurance institutions, agents, or insurance-support organizations that: (1) In the case of life, health, or disability insurance: a. Collect, receive, or maintain information in connection with insurance transactions that pertains to natural persons who are residents of this State; or b. Engage […]
58-39-100. Appeal of right. From any final order of the Commissioner issued pursuant to the provisions of this Article there shall be an appeal as provided in G.S. 58-2-75. (1981, c. 846, s. 1; 2003-262, s. 2(2).)
58-39-105. Individual remedies. (a) If any insurance institution, agent, or insurance-support organization fails to comply with G.S. 58-39-45, 58-39-50, or 58-39-55 with respect to the rights granted under those sections, any person whose rights are violated may apply to the superior court in the county in which such person resides for appropriate equitable relief. (b) […]
58-39-110. Immunity. No cause of action in the nature of defamation, invasion of privacy, or negligence shall arise against any person for disclosing personal or privileged information in accordance with this Article, nor shall such a cause of action arise against any person for furnishing personal or privileged information to an insurance institution, agent, or […]
58-39-115. Obtaining information under false pretenses. Any person who knowingly and willfully obtains information about an individual from an insurance institution, agent, or insurance-support organization under false pretenses shall, upon conviction, be guilty of a Class 1 misdemeanor. (1981, c. 846, s. 1; 1985, c. 666, s. 33; 1993, c. 539, s. 465; 1994, Ex. […]
58-39-120. Rights. The rights granted under G.S. 58-39-45, 58-39-50, and 58-39-75 shall take effect on July 1, 1982, regardless of the date of the collection or receipt of the information that is the subject of such sections. (1981, c. 846, s. 1; c. 1127, s. 56; 2003-262, s. 2(2).)
58-39-125. Powers of the Commissioner. (a) The Commissioner shall have the power to examine and investigate into the affairs of every insurance institution or agent doing business in this State to determine whether the insurance institution or agent has been or is engaged in any conduct in violation of this Article. (b) The Commissioner shall […]
58-39-130. Purpose. The purpose of this Part is to establish standards for developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information, as required by sections 501, 505(b), and 507 of the federal Gramm-Leach-Bliley Act (Public Law 106-102), codified as 15 U.S.C. 6801, 6805(b), and 6807. The […]
58-39-135. Scope. The safeguards established under this Part apply to all customer information as defined in G.S. 58-39-140. (2003-262, s. 4.)
58-39-140. Definitions. As used in this Part, in addition to the definitions in G.S. 58-39-15: (1) "Customer" means an applicant with or policyholder of a licensee. (2) "Customer information" means nonpublic personal information about a customer, whether in paper, electronic, or other form that is maintained by or on behalf of the licensee. (3) "Customer […]
58-39-145. Information security program. Each licensee shall implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of customer information. The administrative, technical, and physical safeguards included in the information security program shall be appropriate to the size and complexity of the licensee and the nature and scope […]
58-39-15. Definitions. As used in this Article: (1) "Adverse underwriting decision" means: a. Any of the following actions with respect to insurance transactions involving insurance coverage that is individually underwritten: 1. A declination of insurance coverage; 2. A termination of insurance coverage; 3. Failure of an agent to apply for insurance coverage with a specific […]
58-39-150. Objectives of information security program. A licensee’s information security program shall be designed to: (1) Ensure the security and confidentiality of customer information; (2) Protect against any anticipated threats or hazards to the security or integrity of the information; and (3) Protect against unauthorized access to or use of the information that could result […]
58-39-155. Rules. The Commissioner may adopt rules that the Commissioner deems necessary to carry out the purposes of this Part, including rules that govern licensee oversight of service providers with which it contracts or has a relationship. (2003-262, s. 4.)
58-39-160. Violation. A violation of G.S. 58-39-145 or G.S. 58-39-150 subjects the violator to Part 2 of this Article. (2003-262, s. 4.)
58-39-165. Effective date. Each licensee shall establish an information security program, including appropriate policies and systems under this Part by April 1, 2005. (2003-262, s. 4.)
58-39-20. Pretext interviews. No insurance institution, agent, or insurance-support organization shall use or authorize the use of pretext interviews to obtain information in connection with an insurance transaction: Provided, however, a pretext interview may be undertaken to obtain information from a person or institution that does not have a generally or statutorily recognized privileged relationship […]
58-39-25. Notice of insurance information practices. (a) An insurance institution or agent shall provide a notice of information practices to all applicants or policyholders in connection with insurance transactions as provided in this section: (1) In the case of an application for insurance a notice shall be provided no later than: a. At the time […]
58-39-26. Federal privacy disclosure notice requirements. (a) Disclosure Required. – In addition to the notice requirements of G.S. 58-39-25, an insurance institution or agent shall provide, to all applicants and policyholders no later than (i) before the initial disclosure of personal information under G.S. 58-39-75(11) or (ii) the time of the delivery of the insurance […]
