§ 44-18.1-22 Confidentiality and privacyprotections under Model 1. – (A) The purpose of this section is to set forth the member states' policy forthe protection of the confidentiality rights of all participants in the systemand of the privacy interests of consumers who deal with Model 1 sellers.
(B) As used in this section, the term "confidential taxpayerinformation" means all information that is protected under a member state'slaws, regulations, and privileges; the term "personally identifiableinformation" means information that identifies a person; and the term"anonymous data" means information that does not identify a person.
(C) The member states agree that a fundamental precept inModel 1 is to preserve the privacy of consumers by protecting their anonymity.With very limited exceptions, a CSP shall perform its tax calculation,remittance, and reporting functions without retaining the personallyidentifiable information of consumers.
(D) The governing board may certify a CSP only if that CSPcertifies that:
(1) Its system has been designed and tested to ensure thatthe fundamental precept of anonymity is respected;
(2) That personally identifiable information is only used andretained to the extent necessary for the administration of Model 1 with respectto exempt purchasers;
(3) It provides consumers clear and conspicuous notice of itsinformation practices, including what information it collects, how it collectsthe information, how it uses the information, how long, if at all, it retainsthe information and whether it discloses the information to member states. Suchnotice shall be satisfied by a written privacy policy statement accessible bythe public on the official web site of the CSP;
(4) Its collection, use and retention of personallyidentifiable information will be limited to that required by the member statesto ensure the validity of exemptions from taxation that are claimed by reasonof a consumer's status or the intended use of the goods or services purchased;and
(5) It provides adequate technical, physical, andadministrative safeguards so as to protect personally identifiable informationfrom unauthorized access and disclosure.
(E) Each member state shall provide public notification toconsumers, including their exempt purchasers, of the state's practices relatingto the collection, use and retention of personally identifiable information.
(F) When any personally identifiable information that hasbeen collected and retained is no longer required for the purposes set forth insubsection (D)(4), such information shall no longer be retained by the memberstates.
(G) When personally identifiable information regarding anindividual is retained by or on behalf of a member state, such state shallprovide reasonable access by such individual to his or her own information inthe state's possession and a right to correct any inaccurately recordedinformation.
(H) If anyone other than a member state, or a personauthorized by that state's law or the Agreement, seeks to discover personallyidentifiable information, the state from whom the information is sought shouldmake a reasonable and timely effort to notify the individual of such request.
(I) This privacy policy is subject to enforcement by memberstates' attorneys general or other appropriate state government authority.
(J) Each member states' laws and regulations regarding thecollection, use, and maintenance of confidential taxpayer information remainfully applicable and binding. Without limitation, the Agreement does notenlarge or limit the member states' authority to:
(1) Conduct audits or other review as provided under theAgreement and state law.
(2) Provide records pursuant to a member state's Freedom ofInformation Act, disclosure laws with governmental agencies, or otherregulations.
(3) Prevent, consistent with state law, disclosures ofconfidential taxpayer information.
(4) Prevent, consistent with federal law, disclosures ormisuse of federal return information obtained under a disclosure agreement withthe Internal Revenue Service.
(5) Collect, disclose, disseminate, or otherwise useanonymous data for governmental purposes.
(K) This privacy policy does not preclude the governing boardfrom certifying a CSP whose privacy policy is more protective of confidentialtaxpayer information or personally identifiable information than is required bythe Agreement.
§ 44-18.1-22 Confidentiality and privacyprotections under Model 1. – (A) The purpose of this section is to set forth the member states' policy forthe protection of the confidentiality rights of all participants in the systemand of the privacy interests of consumers who deal with Model 1 sellers.
(B) As used in this section, the term "confidential taxpayerinformation" means all information that is protected under a member state'slaws, regulations, and privileges; the term "personally identifiableinformation" means information that identifies a person; and the term"anonymous data" means information that does not identify a person.
(C) The member states agree that a fundamental precept inModel 1 is to preserve the privacy of consumers by protecting their anonymity.With very limited exceptions, a CSP shall perform its tax calculation,remittance, and reporting functions without retaining the personallyidentifiable information of consumers.
(D) The governing board may certify a CSP only if that CSPcertifies that:
(1) Its system has been designed and tested to ensure thatthe fundamental precept of anonymity is respected;
(2) That personally identifiable information is only used andretained to the extent necessary for the administration of Model 1 with respectto exempt purchasers;
(3) It provides consumers clear and conspicuous notice of itsinformation practices, including what information it collects, how it collectsthe information, how it uses the information, how long, if at all, it retainsthe information and whether it discloses the information to member states. Suchnotice shall be satisfied by a written privacy policy statement accessible bythe public on the official web site of the CSP;
(4) Its collection, use and retention of personallyidentifiable information will be limited to that required by the member statesto ensure the validity of exemptions from taxation that are claimed by reasonof a consumer's status or the intended use of the goods or services purchased;and
(5) It provides adequate technical, physical, andadministrative safeguards so as to protect personally identifiable informationfrom unauthorized access and disclosure.
(E) Each member state shall provide public notification toconsumers, including their exempt purchasers, of the state's practices relatingto the collection, use and retention of personally identifiable information.
(F) When any personally identifiable information that hasbeen collected and retained is no longer required for the purposes set forth insubsection (D)(4), such information shall no longer be retained by the memberstates.
(G) When personally identifiable information regarding anindividual is retained by or on behalf of a member state, such state shallprovide reasonable access by such individual to his or her own information inthe state's possession and a right to correct any inaccurately recordedinformation.
(H) If anyone other than a member state, or a personauthorized by that state's law or the Agreement, seeks to discover personallyidentifiable information, the state from whom the information is sought shouldmake a reasonable and timely effort to notify the individual of such request.
(I) This privacy policy is subject to enforcement by memberstates' attorneys general or other appropriate state government authority.
(J) Each member states' laws and regulations regarding thecollection, use, and maintenance of confidential taxpayer information remainfully applicable and binding. Without limitation, the Agreement does notenlarge or limit the member states' authority to:
(1) Conduct audits or other review as provided under theAgreement and state law.
(2) Provide records pursuant to a member state's Freedom ofInformation Act, disclosure laws with governmental agencies, or otherregulations.
(3) Prevent, consistent with state law, disclosures ofconfidential taxpayer information.
(4) Prevent, consistent with federal law, disclosures ormisuse of federal return information obtained under a disclosure agreement withthe Internal Revenue Service.
(5) Collect, disclose, disseminate, or otherwise useanonymous data for governmental purposes.
(K) This privacy policy does not preclude the governing boardfrom certifying a CSP whose privacy policy is more protective of confidentialtaxpayer information or personally identifiable information than is required bythe Agreement.
§ 44-18.1-22 Confidentiality and privacyprotections under Model 1. – (A) The purpose of this section is to set forth the member states' policy forthe protection of the confidentiality rights of all participants in the systemand of the privacy interests of consumers who deal with Model 1 sellers.
(B) As used in this section, the term "confidential taxpayerinformation" means all information that is protected under a member state'slaws, regulations, and privileges; the term "personally identifiableinformation" means information that identifies a person; and the term"anonymous data" means information that does not identify a person.
(C) The member states agree that a fundamental precept inModel 1 is to preserve the privacy of consumers by protecting their anonymity.With very limited exceptions, a CSP shall perform its tax calculation,remittance, and reporting functions without retaining the personallyidentifiable information of consumers.
(D) The governing board may certify a CSP only if that CSPcertifies that:
(1) Its system has been designed and tested to ensure thatthe fundamental precept of anonymity is respected;
(2) That personally identifiable information is only used andretained to the extent necessary for the administration of Model 1 with respectto exempt purchasers;
(3) It provides consumers clear and conspicuous notice of itsinformation practices, including what information it collects, how it collectsthe information, how it uses the information, how long, if at all, it retainsthe information and whether it discloses the information to member states. Suchnotice shall be satisfied by a written privacy policy statement accessible bythe public on the official web site of the CSP;
(4) Its collection, use and retention of personallyidentifiable information will be limited to that required by the member statesto ensure the validity of exemptions from taxation that are claimed by reasonof a consumer's status or the intended use of the goods or services purchased;and
(5) It provides adequate technical, physical, andadministrative safeguards so as to protect personally identifiable informationfrom unauthorized access and disclosure.
(E) Each member state shall provide public notification toconsumers, including their exempt purchasers, of the state's practices relatingto the collection, use and retention of personally identifiable information.
(F) When any personally identifiable information that hasbeen collected and retained is no longer required for the purposes set forth insubsection (D)(4), such information shall no longer be retained by the memberstates.
(G) When personally identifiable information regarding anindividual is retained by or on behalf of a member state, such state shallprovide reasonable access by such individual to his or her own information inthe state's possession and a right to correct any inaccurately recordedinformation.
(H) If anyone other than a member state, or a personauthorized by that state's law or the Agreement, seeks to discover personallyidentifiable information, the state from whom the information is sought shouldmake a reasonable and timely effort to notify the individual of such request.
(I) This privacy policy is subject to enforcement by memberstates' attorneys general or other appropriate state government authority.
(J) Each member states' laws and regulations regarding thecollection, use, and maintenance of confidential taxpayer information remainfully applicable and binding. Without limitation, the Agreement does notenlarge or limit the member states' authority to:
(1) Conduct audits or other review as provided under theAgreement and state law.
(2) Provide records pursuant to a member state's Freedom ofInformation Act, disclosure laws with governmental agencies, or otherregulations.
(3) Prevent, consistent with state law, disclosures ofconfidential taxpayer information.
(4) Prevent, consistent with federal law, disclosures ormisuse of federal return information obtained under a disclosure agreement withthe Internal Revenue Service.
(5) Collect, disclose, disseminate, or otherwise useanonymous data for governmental purposes.
(K) This privacy policy does not preclude the governing boardfrom certifying a CSP whose privacy policy is more protective of confidentialtaxpayer information or personally identifiable information than is required bythe Agreement.
