[§431:3A-403]  Other exceptions to notice and opt out requirements for disclosure of nonpublic personal financial information.  (a)  The requirements for initial notice in section 431:3A-201, the opt out in sections 431:3A-204, and 431:3A-301, and service providers and joint marketing in section 431:3A-401 shall not apply if a licensee discloses nonpublic personal financial information:

     (1)  With the consent or at the direction of the consumer, who has not revoked the consent or direction;

     (2)  To protect the confidentiality or security of a licensee’s records pertaining to the consumer, service, product, or transaction;

     (3)  To protect against or prevent actual or potential fraud or unauthorized transactions;

     (4)  For required institutional risk control;

     (5)  For resolving consumer disputes or inquiries;

     (6)  To persons holding a legal or beneficial interest relating to the consumer or to persons acting in a fiduciary or representative capacity on behalf of the consumer;

     (7)  To provide information to insurance rate advisory organizations, guaranty funds or agencies, agencies that are rating a licensee, persons that are assessing the licensee’s compliance with industry standards, or the licensee’s attorneys, accountants, and auditors;

     (8)  To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978, Title 12 United States Code section 3401 et seq., as amended, to law enforcement agencies including the Federal Reserve Board, Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, Office of Thrift Supervision, National Credit Union Administration, the Securities and Exchange Commission, and the Secretary of the Treasury, with respect to Title 31 United States Code chapter 53, subchapter II (Records and Reports on Monetary Instruments and Transactions), as amended, and Title 12 United States Code chapter 21 (Financial Recordkeeping), as amended, a state insurance authority, and the Federal Trade Commission, self‑regulatory organizations, or for an investigation on a matter related to public safety;

     (9)  To a consumer reporting agency in accordance with the federal Fair Credit Reporting Act, Title 15 United States Code section 1681, et seq., as amended, or from a consumer report reported by a consumer reporting agency;

    (10)  In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal financial information concerns solely consumers of the business or unit;

    (11)  To comply with federal, state, or local laws, rules, and other applicable legal requirements;

    (12)  To comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by federal, state, or local authorities;

    (13)  To respond to judicial process or government regulatory authorities having jurisdiction over a licensee for examination, compliance, or other purposes as authorized by law; or

    (14)  For purposes related to the replacement of a group benefit plan, a group health plan, a group welfare plan, or a workers’ compensation plan.

     (b)  A consumer may revoke a consent by subsequently exercising the right to opt out of future disclosures of nonpublic personal information as permitted under section 431:3A-204. [L 2001, c 220, pt of §1]