§ 44-18.1-22. Confidentiality and privacy protections under Model 1.
(A) The purpose of this section is to set forth the member states’ policy for the protection of the confidentiality rights of all participants in the system and of the privacy interests of consumers who deal with Model 1 sellers.
(B) As used in this section, the term “confidential taxpayer information” means all information that is protected under a member state’s laws, regulations, and privileges; the term “personally identifiable information” means information that identifies a person; and the term “anonymous data” means information that does not identify a person.
(C) The member states agree that a fundamental precept in Model 1 is to preserve the privacy of consumers by protecting their anonymity. With very limited exceptions, a CSP shall perform its tax calculation, remittance, and reporting functions without retaining the personally identifiable information of consumers.
(D) The governing board may certify a CSP only if that CSP certifies that:
(1) Its system has been designed and tested to ensure that the fundamental precept of anonymity is respected;
(2) That personally identifiable information is only used and retained to the extent necessary for the administration of Model 1 with respect to exempt purchasers;
(3) It provides consumers clear and conspicuous notice of its information practices, including what information it collects, how it collects the information, how it uses the information, how long, if at all, it retains the information and whether it discloses the information to member states. Such notice shall be satisfied by a written privacy policy statement accessible by the public on the official web site of the CSP;
(4) Its collection, use and retention of personally identifiable information will be limited to that required by the member states to ensure the validity of exemptions from taxation that are claimed by reason of a consumer’s status or the intended use of the goods or services purchased; and
(5) It provides adequate technical, physical, and administrative safeguards so as to protect personally identifiable information from unauthorized access and disclosure.
(E) Each member state shall provide public notification to consumers, including their exempt purchasers, of the state’s practices relating to the collection, use and retention of personally identifiable information.
(F) When any personally identifiable information that has been collected and retained is no longer required for the purposes set forth in subsection (D)(4), such information shall no longer be retained by the member states.
(G) When personally identifiable information regarding an individual is retained by or on behalf of a member state, such state shall provide reasonable access by such individual to his or her own information in the state’s possession and a right to correct any inaccurately recorded information.
(H) If anyone other than a member state, or a person authorized by that state’s law or the Agreement, seeks to discover personally identifiable information, the state from whom the information is sought should make a reasonable and timely effort to notify the individual of such request.
(I) This privacy policy is subject to enforcement by member states’ attorneys general or other appropriate state government authority.
(J) Each member states’ laws and regulations regarding the collection, use, and maintenance of confidential taxpayer information remain fully applicable and binding. Without limitation, the Agreement does not enlarge or limit the member states’ authority to:
(1) Conduct audits or other review as provided under the Agreement and state law.
(2) Provide records pursuant to a member state’s Freedom of Information Act, disclosure laws with governmental agencies, or other regulations.
(3) Prevent, consistent with state law, disclosures of confidential taxpayer information.
(4) Prevent, consistent with federal law, disclosures or misuse of federal return information obtained under a disclosure agreement with the Internal Revenue Service.
(5) Collect, disclose, disseminate, or otherwise use anonymous data for governmental purposes.
(K) This privacy policy does not preclude the governing board from certifying a CSP whose privacy policy is more protective of confidential taxpayer information or personally identifiable information than is required by the Agreement.
History of Section.
P.L. 2006, ch. 246, art. 30, § 12; P.L. 2007, ch. 6, § 6.