New York State Seal
STATE OF NEW YORK
INSURANCE DEPARTMENT
25 BEAVER STREET
NEW YORK, NEW YORK 10004

The Office of General Counsel issued the following opinion on June 11, 2002, representing the position of the New York State Insurance Department.

RE: Bail Bond Insurers and Disclosure of Nonpublic Personal Financial Information Under Regulation 169.

Question Presented:

Pursuant to N.Y. Comp. Codes R. & Regs. tit. 11, §§ 420.0-420.24 (2001)(Regulation 169), is an insurer that issues bail bonds required to provide an annual privacy notice to an insured?

Conclusion:

Yes. Unless one of the conditions contained in section 420.3(i)(2)(ii) (2001) apply, an insurer that issues bail bonds must provide an annual privacy notice to an insured, pursuant to section 420.5 because the insured is a customer. In addition, if the insured is a customer, the insurer must provide an initial privacy notice pursuant to section 420.4(a)(1).

Facts:

An insurer that is authorized to write fidelity and surety insurance and to do a bail bond business under the Insurance Law may issue bail bonds to an insured defendant. The premium for the bail bond is paid up front and is nonrefundable. The insurer functions as a surety for the appearance of the defendant in court on a specific return date. If the defendant appears on the return date, the court has the option of allowing the defendant to remain free until the next scheduled appearance, based upon the original bond or altering the conditions of the bail including revocation. Failure of the defendant to appear results in forfeiture of the bond. The bail bond is terminated when either the defendant appears on the bond or the bond expires by its own terms or other terms of the bond are complied with and the bond is satisfied. Thus, the bond may be good for less than a year or more than a year.

In connection with its bail bond business, a bail bond agent receives nonpublic personal financial information from defendants seeking bail bonds. The insurer and its agents do not share any nonpublic personal financial information with any affiliated or non-affiliated third parties. The inquirer states that section 420.4(b) makes an exception to the initial privacy notice where the insurer does not disclose any nonpublic personal financial information to any nonaffiliated third party. Section 420.5(a)(1) requires an annual privacy notice to a customer at least once in any consecutive 12-month period. There is no exception to this requirement. The inquirer would like to know whether an insurer that issues bail bonds is required to send an annual privacy notice to the insured defendant.

Analysis:

N.Y. Comp. Codes R. & Regs. tit. 11, § 420.1(a) (2001) provides as follows:

(a) Purpose. This part governs the treatment of nonpublic personal information about individuals (defined in this part as consumers or customers) in this State by all licensees of the Insurance Department. This Part:

(1) Requires a licensee to provide notice to individuals about its privacy policies and practices;

(2) Describes the conditions under which a licensee may disclose nonpublic personal health information and nonpublic personal financial information about individuals to nonaffiliated third parties;

(3) Provides methods for individuals to prevent a licensee from disclosing that information; and

(4) Provides a method for individuals to prevent a licensee from disclosing nonpublic personal health information by not affirmatively consenting to such disclosure, subject to the exceptions in section 420.17(b) of this Part. (emphasis added)

N.Y. Comp. Codes R. & Regs. tit. 11, § 420.3(p)(1)(2001) defines the term "licensee" as follows:

(p)(1) [A] person licensed, or required to be licensed, or authorized, or required to be authorized, or registered, or required to be registered pursuant to the Insurance Law of this State; a health maintenance organization holding, or required to hold, a certificate of authority pursuant to Article 44 of the Public Health Law; or an unauthorized insurer in regard to the excess line business conducted pursuant to section 2118 of the Insurance Law and Part 27 of this Title (Regulation 41); but shall not include a registered service contract provider, charitable annuity society, or a licensed viatical settlement company or viatical settlement broker. (emphasis added)

Accordingly, since insurers that issue bail bonds are licensed pursuant to the New York Insurance Law, and they are not excepted from the definition of licensee, they are subject to the requirements of N.Y. Comp. Codes R. & Regs. tit. 11, §§ 420.0-420.24 (2001) (Regulation 169).

N.Y. Comp. Codes R. & Regs. tit. 11, § 420.5(a)(1) (2001) requires all licensees to provide an annual privacy to its customers. That section provides, in pertinent part, as follows:

[A] licensee shall provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship. Annually means at least once in any period of 12 consecutive months during which that relationship exists. A license may define the 12-consecutive-month period, but the licensee must apply it to the customer on a consistent basis. (emphasis added)

N.Y. Comp. Codes R. & Regs. tit. 11, § 420.3(h) (2001) defines the term "customer" as a consumer who has a customer relationship with a licensee. N.Y. Comp. Codes R. & Regs. tit. 11, § 420.3(i)(1) (2001) states that a customer relationship is a continuing relationship between a consumer and a licensee under which the licensee provides one or more insurance products or services in this State to the consumer that are to be used primarily for personal, family, or household purposes. Pursuant to section 420.3(i)(2)(i)(a), "a consumer has a continuing relationship with a licensee if the consumer is a current policyholder of an insurance product issued by or through the licensee. . ."

However, section 420.3(i)(2)(ii) provides that a consumer does not have a continuing relationship with a licensee if:

(a) The consumer applies for insurance but does not purchase the insurance;

(b) The licensee sells the consumer airline travel insurance in an isolated transaction;

(c) The individual is no longer a current policyholder of an insurance product or no longer obtains insurance services with or through the licensee;

(d) The consumer is a beneficiary or claimant under a policy;

(e) The customer’s policy is lapsed, expired, or otherwise inactive or dormant under the licensee’s business practices, and the licensee has not communicated with the customer about the relationship for a period of 12 consecutive months, other than annual privacy notices, material required by law or regulation, communication at the direction of a state or federal authority, or promotional materials; or

(f) The individual is an insured or an annuitant under an insurance policy or annuity, respectively, but is not the policyholder or owner of the insurance policy or annuity.

In accordance with the above, if one of the conditions contained in section 420.3(i)(2)(ii) applies, the insured is not the insurer’s customer and the insurer is not required to provide an annual privacy notice pursuant to section 420.5(a)(1). The inquirer correctly asserts that there is no exception for the annual privacy notice requirement for customers contained in section 420.5(a)(1) of the regulation. Accordingly, the insurer would be required to provide an annual privacy notice to an insured who is a customer.

An insurer is also required to comply with the initial privacy notice requirements contained in section 420.4(a)(2001). Although, as the inquirer stated, section 420.4(b) provides an exception to the initial privacy notice requirement contained in section 420.4(a)(2) for consumers where the insurer does not disclose any nonpublic personal financial information about the consumer to any nonaffiliated third party, other than as authorized by sections 420.14 and 420.15, section 420.4(b) does not provide an exception to the initial privacy notice requirement for customers. Therefore, the insurer would be required to comply with the initial privacy notice requirement contained in section 420.4(a)(1) if the insured is a customer, as defined by section 420.3.

It should also be noted that an insurer that does not disclose and does not wish to reserve the right to disclose nonpublic personal financial information about customers or former customers to affiliates or nonaffiliated third parties, except as authorized under sections 420.14 and 420.15, may provide a simplified notice pursuant to section 420.6(c)(5) of the regulation.

For further information, you may contact Attorney Pascale Joasil at the New York City office.