791.045.
(a) (1) In addition to the notice required by Section 791.04, an insurance institution or agent shall provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship. For purposes of this section, “annually” means at least once in any period of 12 consecutive months during which that relationship exists. An insurance institution or agent may define the period of 12 consecutive months, but shall apply it to the customer on a consistent basis.(2) A notice required pursuant to this section shall comply with Section 2689.7 of Title 10 of the California Code of Regulations.
(b) (1) The notices required pursuant to Section 791.04 and this section may be combined into a single notice or provided as separate notices, as long as the requirements of Section 791.04 and this section are met.
(2) If the insurance institution or agent uses a separate, standard privacy notice in addition to the notices required pursuant to Section 791.04 and this section, the notices required pursuant to Section 791.04 and this section shall clearly state that any rights a consumer, claimant, or beneficiary may have as described in these are not limited by the standard privacy notice that the insurance institution or agent also uses.
(c) An insurance institution or agent shall be deemed to be in compliance with this section if all of the following conditions are met:
(1) The insurance institution or agent does not provide medical record, personal, or privileged information to a nonaffiliated third party pursuant to subdivision (k) of Section 791.13.
(2) The insurance institution or agent additionally provides, as part of an abbreviated notice provided pursuant to subdivision (c) of Section 791.04, the internet website address of the insurance institution’s or agent’s complete privacy notice that complies with subdivision (a) and informs the consumer of each of the following rights in a clear and conspicuous manner:
(A) The right to submit a written request to access, correct, amend, or delete the consumer’s personal information and the manner in which the right may be exercised, including the contact information and the mailing address, internet website address, or both, where the
consumer may submit a request.
(B) The right to receive a response within 30 business days of the consumer submitting a request to access, correct, amend, or delete their personal information.
(C) If the insurance institution refuses the consumer’s request, the right to file a statement regarding what the consumer believes to be accurate and fair information and why the consumer disagrees with the insurance institution’s refusal.
(3) The insurance institution’s or agent’s policies and practices about disclosing personal or privileged information have not changed from the previous notice provided pursuant to subdivision (a).
(d) An insurance institution or agent is not required to provide a notice pursuant to subdivision (a) to a former customer with
whom it no longer has a continuing relationship.
(e) The terms used in this section have the same meaning as defined in Section 2689.4 of Title 10 of the California Code of Regulations.