Washington Consumer Health Data Privacy Notice

We value your privacy.

This State Farm® Washington Consumer Health Data Privacy Notice describes how we collect, use, and disclose consumer health data of Washington consumers and the rights prescribed by the Washington My Health My Data Act (WMHMDA).

This notice applies only to consumers as defined by the My Health My Data Act. The Act defines a consumer as “a natural person who is a Washington resident; or (b) a natural person whose consumer health data is collected in Washington.” A consumer as defined is an “natural person acting only in an individual or household context” and does not include an “individual acting in an employment context.”

This notice does not apply to individuals acting in an employment context, including current and former employees of State Farm.

Your consumer health data covered by this notice may also be protected by other laws such as the Financial Services Modernization Act [also known as the Gramm-Leach-Bliley Act (GLBA)], the Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA) and the Fair Credit Reporting Act (FCRA), and where applicable, those laws primarily govern how we use and disclose consumer health data. The WMHMDA does not apply to consumer health data protected by these and other privacy laws. Our privacy notices concerning personal information including consumer health data, protected by state laws, as well as by GLBA and HIPAA, can be found on our website. The website also provides information concerning our online advertisements and mobile applications.

In the event of a conflict between this Notice and other State Farm privacy notices or policies, this Notice will prevail as to consumers’ rights under the Washington My Health My Data Act.


Washington defines Consumer Health Data as personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status. A consumer is a resident or individual whose data is collected in Washington.

We collect consumer health data from multiple sources, including directly from you or a State Farm agent, from other individuals, third party service providers or other third-party vendors, publicly available sources, consumer reporting agencies, government agencies, or other businesses.

We may have collected and disclosed the following categories of consumer health data (since March 31, 2024) about Washington consumers:

Categories of Personal Information (including Consumer Health Data) Collected and Disclosed Categories of Third Parties to Whom Personal Information (including Consumer Health Data) is Disclosed:
1. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number. We may disclose identifiers to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
2. Personal Records such as physical characteristics or description, signature, telephone number, education, employment, employment history, insurance policy number, or any other financial information, medical information, disability or special needs information or health insurance information. We may disclose personal records to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
3. Classifications such as sex, marital status, familial status, race and gender. We may disclose classifications to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
4. Commercial Information such as personal property records, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. We may disclose commercial information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies, or other businesses.
5. Biometric Information such as genetic, physiological, behavioral, and biological characteristics, that can be used to establish individual identity, including but not limited to fingerprints, voiceprints, retina scans from which an identifier template can be extracted, and other physical patterns, and sleep, health, or exercise data, that contain identifying information. We may disclose biometric information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
6. Internet Usage Information such as browsing history, search history and information regarding your interaction with an Internet Web Site, application or advertisement. We may disclose internet usage information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
7. Geolocation Data such as precise physical location or movements and travel patterns. We may disclose geolocation data to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
8. Sensory Data such as audio recordings of customer care calls, electronic, visual or similar information. We may disclose sensory data to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
9. Professional or Employment Information such as professional licenses or designations, employment history. We may disclose professional or employment information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
10. Education Information such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, education level, transcripts, class lists, student schedules, student identification codes, student financial information or student disciplinary records. We may disclose education information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
11. Inferences from Personal Information (including Consumer Health Data) Collected such as creating a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. We may disclose inferences to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.

We may disclose any or all of the categories of consumer health data collected for business purposes such as offering, developing and maintaining services or benefits, administering benefits, maintaining business relationships, completing transactions with individuals or other businesses, preventing fraud, for our everyday business operations, or as required or permitted by law. We may also share personal health information with our State Farm Family of Companies listed below for the same purposes. We do not share medical information within the State Farm family of companies unless you authorize it, it is permitted or required by law, or a contract permits us to do so.


The State Farm Family of Companies is a group that independently provides insurance and financial services and various types of support to those insurance and financial services providers. Consumer Health Data as defined by the WMHMDA may have been shared among the companies listed below. The State Farm family of companies includes, but is not limited to, the companies listed below. This list is subject to change.

State Farm Mutual Automobile Insurance Company
State Farm Fire and Casualty Company
State Farm General Insurance Company
State Farm Indemnity Company
State Farm Guaranty Insurance Company
Dover Bay Specialty Insurance Company
State Farm Florida Insurance Company
State Farm County Mutual Insurance Company of Texas
State Farm Lloyds
State Farm Life Insurance Company
State Farm Life and Accident Assurance Company
State Farm International Services, Inc.
State Farm Investment Management Corp.
State Farm VP Management Corp.
State Farm Specialty Insurance Company
Insurance Placement Services, Inc.
State Farm Realty Mortgage, LLC.
State Farm Classic Insurance Company
Quanata LLC.

Personal health data does not include personal information that is used to engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws and is approved, monitored, and governed by an institutional review board, human subjects research ethics review board, or a similar independent oversight entity that determines that the regulated entity or the small business has implemented reasonable safeguards to mitigate privacy risks associated with research, including any risks associated with reidentification. Consumer health data does not include public information lawfully made available from governmental records or de-identified or aggregate consumer information. We will implement technical safeguards to prohibit re-identification of de-identified information about you. We also reserve the right to create or allow others to create aggregate consumer information data sets by ensuring that individual consumer identities have been removed and are not linked or reasonably linkable to any consumer or household, including via a device. WMHMDA does not require that such information be re-identified in response to a request made pursuant to the WMHMDA.


We collect, use, and disclose consumer health data to offer, provide, or maintain insurance and financial products and services and as otherwise related to the operation of our business, or as required or permitted by law. We may collect, use, and disclose the consumer health data we collect for one or more of the following business purposes:

  • Processing Interactions and Transactions such as customization of advertisements as a result of visiting one of our web pages.
  • Managing Interactions and Transactions such as auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
  • Performing Services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
  • Research and Development for technological development and demonstration.
  • Quality Assurance to verify or maintain the quality or safety of a service or device that is owned, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
  • Security such as detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Debugging to identify and repair errors that impair existing intended functionality.

We restrict the use of consumer health data that is shared with our vendors for business purposes.

We may collect, use, and disclose personal health information for commercial purposes such as marketing.


State Farm does not sell personal health data as defined by the WMHMDA.


Consumers have the privacy rights described in this section, subject to certain limitations. Personal information (including Consumer Health Data) protected by other laws such as the Financial Services Modernization Act (also known as the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and the Fair Credit Reporting Act (FCRA) is exempted from the following Washington Privacy rights.

You may submit a request described below or submit one through an authorized agent (examples of an authorized agent may include a power of attorney, guardian, conservator. Requests submitted to us are subject to review, identification, and verification. We will acknowledge receipt of your request and provide information about processing the request and the verification process. We may ask you for information which allows us to confirm your identity in relation to information we currently have. In addition, we may require notarization of any forms submitted. We may also ask for documentation verifying that your designated agent is authorized to act on your behalf. We may not be able to fulfill your request if we are unable to verify you are the consumer that is the subject of the request, or that the agent is, in fact, authorized to act on your behalf.

We will make reasonable efforts to identify consumer health data that we collect, use, and disclose to respond to your request. In some instances, we may not be able to process a request because, for example, we may not be able to sufficiently verify your identity based on the information you provide to us in response to our verification process. In such instances, we will provide you with a written explanation as to the reason we cannot process your request.

In some cases, we may suggest that you receive the most recent or a summary of your consumer health data and give you the opportunity to elect whether to receive the rest of your consumer health data. We reserve the right to direct you to where you may access and copy responsive consumer health data.

Instructions on making a request and submitting documentation are contained in the Contact Us section. Instructions on how to file an appeal in the case of a request that is denied are also in the Contact Us section.


You have the right to request the following, which will be provided for a reasonable period prior to the request date (unless otherwise specified):

  • The specific pieces of personal health information we have collected about you and are maintaining; 
  • The categories of consumer health data we have collected about you;
  • Whether or not we are collecting, sharing or selling your consumer health data;
  • A list of unaffiliated third parties and affiliates with whom we have shared or sold your consumer health data and an active email address or other online mechanism to contact these parties.

You may request we delete your consumer health data we collected and are maintaining. There may be instances where we are unable to delete consumer health data. The consumer health data may be:

  • Necessary to complete a transaction or service you requested;
  • Needed for security purposes;
  • Needed to identify and repair system errors;
  • Needed to prevent, detect, protect against or respond to any activity that is illegal under Washington state or federal law;
  • Needed to investigate, report or prosecute any activity that is illegal under Washington state or federal law.

You may submit requests pursuant to the Washington My Health My Data Act (such as Right to Know or Right to Delete) by one of three methods outlined below. Once a request is received, we will acknowledge receipt of the request. In addition to acknowledging your request, we may ask you for additional information, including information to verify your identity. In order to submit a request:

  • Call us at 1-800-635-60351-800-635-6035 and we will assist you including verifying your identity. We may ask you for personal information such as name, phone number, address and/or date of birth. In order to complete authentication, we will send a verification code to the phone number or email you provide, or you may provide the Personal Identification Number associated with your State Farm account.
  • Use your State Farm online account:
    • Go to ebasd.com and log into your account using your user ID and password at the top right of the home page. Go to the Washington Privacy rights section of the Privacy & Security page and then click on the “Washington Consumers with State Farm online access” link. Some of your personal health information will pre-populate once the form is accessed. Follow the instructions on the form then submit.
    • An online State Farm account is not required to submit a Washington Privacy Request. However, you may be able to create an online account at ebasd.com by clicking on “Manage Your Accounts” under the Customer Care section. Once created, you can access the form and submit electronically as noted above.
  • Complete, print, notarize and return the Data Access Request Form via U.S. Mail. Attach any relevant documentation to the form.
    • You must verify your identity by having the form notarized.

For more information on your Washington privacy rights contact us at 800-635-6035800-635-6035 or email us. Or write to us at:

State Farm
Attention: Enterprise Compliance & Ethics – Office of Privacy, C-2
PO Box 2322
Bloomington, IL 61704-2322

If you need a copy of this notice in an alternative accessible format, please contact us using any of the above contact methods.

Si desea recibir una copia de esta notificación en español, por favor, póngase en contacto con su agente de State Farm o visite es.ebasd.com.

 

Last Updated 3/2024