Washington Consumer Health Data Privacy Notice (agents, agent team members, business to business contacts, contractors, and job applicants)
We value your privacy.
This State Farm® Washington Consumer Privacy Notice describes how we collect, use and disclose the consumer health data of Washington consumers and the rights prescribed by the Washington My Health My Data Act (WMHMDA).
This notice applies only to consumers as defined by the My Health My Data Act. The Act defines a consumer as “a natural person who is a Washington resident; or (b) a natural person whose consumer health data is collected in Washington.” A consumer as defined is an “natural person acting only in an individual or household context” and does not include an “individual acting in an employment context.” This notice applies to agents, agent team members, business to business contact(s), contractors, and job applicants. This notice does not apply to current or former State Farm employees.
Your consumer health data (hereinafter referred to as personal health data) covered by this notice may also be protected by other laws such as the Financial Services Modernization Act [also known as the Gramm-Leach-Bliley Act (GLBA)], the Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA) and the Fair Credit Reporting Act (FCRA), and where applicable, those laws primarily govern how we use and disclose consumer health data. The WMHMDA does not apply to personal health data protected by these and other privacy laws. Our privacy notices concerning personal information protected by state laws, as well as by GLBA and HIPAA, can be found on our website. The website also provides information concerning our online advertisements and mobile applications.
In the event of a conflict between this Notice and other State Farm privacy notices or policies, this Notice will prevail as to consumers’ rights under the Washington My Health My Data Act.
Washington defines Consumer Health Data as personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status.
We may have collected personal health data from multiple sources, including, you, applications for employment, from other individuals, service providers or other third-party vendors, publicly available sources, consumer reporting agencies, government agencies, or other businesses.
We may have collected and disclosed the following categories of personal health data (since March 31, 2024) about the Washington consumers covered by this notice:
Categories of Personal Health Data Collected and Disclosed | Categories of Third Parties to Whom Personal Health Data is Disclosed |
---|---|
1. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number. | We may disclose identifiers to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses. |
2. Personal Records such as physical characteristics or description, signature, telephone number, education, employment, employment history, insurance policy number, or any other financial information, medical information, disability or special needs information or health insurance information. | We may disclose personal records to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses. |
3. Classifications such as sex, marital status, familial status, race and gender. | We may disclose classifications to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses. |
4. Biometric Information such as physiological, behavioral, and biological characteristics, that can be used to establish individual identity, including but not limited to fingerprints, voiceprints, other physical patterns, health, or exercise data, that contain identifying information. | We may disclose biometric information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses. |
5. Internet Usage Information such as browsing history, search history and information regarding your interaction with an Internet Web Site, application or advertisement. | We may disclose internet usage information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses. |
6. Geolocation Data such as precise physical location or movements and travel patterns. | We may disclose geolocation data to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses. |
7. Sensory Data such as audio recordings of customer care calls, electronic, visual or similar information. | We may disclose sensory data to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses. |
8. Professional or Employment Information such as professional licenses or designations, employment history. | We may disclose professional or employment information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses. |
9. Education Information such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, education level, transcripts, class lists, student schedules, student identification codes, student financial information or student disciplinary records. | We may disclose education information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses. |
10. Inferences from Personal Information Collected such as creating a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes. | We may disclose inferences to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses. |
We may disclose any or all of the categories of consumer health data collected for business purposes such as offering, developing and maintaining services or benefits, administering benefits, maintaining business relationships, completing transactions with individuals or other businesses, preventing fraud, for our everyday business operations, or as required or permitted by law. We may also share personal health information with our State Farm Family of Companies listed below for the same purposes. We do not share medical information within the State Farm family of companies unless you authorize it, it is permitted or required by law, or a contract permits us to do so.
The State Farm Family of Companies is a group that independently provides insurance and financial services and various types of support to those insurance and financial services providers. Consumer Health Data as defined by the WMHMDA may have been shared among the companies listed below. The State Farm family of companies includes, but is not limited to, the companies listed below. This list is subject to change.
State Farm Mutual Automobile Insurance Company
State Farm Fire and Casualty Company
State Farm General Insurance Company
State Farm Indemnity Company
State Farm Guaranty Insurance Company
Dover Bay Specialty Insurance Company
State Farm Florida Insurance Company
State Farm County Mutual Insurance Company of Texas
State Farm Lloyds
State Farm Life Insurance Company
State Farm Life and Accident Assurance Company
State Farm International Services, Inc.
State Farm Investment Management Corp.
State Farm VP Management Corp.
State Farm Specialty Insurance Company
Insurance Placement Services, Inc.
State Farm Realty Mortgage, LLC.
State Farm Classic Insurance Company
Quanata LLC.
Personal health data does not include personal information that is used to engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws and is approved, monitored, and governed by an institutional review board, human subjects research ethics review board, or a similar independent oversight entity that determines that the regulated entity or the small business has implemented reasonable safeguards to mitigate privacy risks associated with research, including any risks associated with reidentification. Consumer health data does not include public information lawfully made available from governmental records or de-identified or aggregate consumer information. We will implement technical safeguards to prohibit re-identification of de-identified information about you. We also reserve the right to create or allow others to create aggregate consumer information data sets by ensuring that individual consumer identities have been removed and are not linked or reasonably linkable to any consumer or household, including via a device. WMHMDA does not require that such information be re-identified in response to a request made pursuant to the WMHMDA.
We use the personal health data listed above for a variety of business-related purposes. The uses of personal health data may depend on your exact relationship to State Farm. We may collect, use and disclose any of the personal health data we collect to facilitate administrative functions, information technology operations, for legal and compliance reasons and corporate transactions. These functions include, but are not limited to the following:
- To manage and operate information technology and communications systems, risk management and insurance functions, budgeting, financial management and reporting, strategic planning
- To manage litigation, other legal disputes, inquiries and to meet legal and regulatory requirements
- In connection with a corporate transaction, sale, or assignment of assets, merger, divestiture, or other changes of control or financial status of the Company or any of its subsidiaries or affiliates
- To manage licenses, permits and authorizations applicable to the Company’s business operations
- To establish and maintain contact with you, emergency contacts you may designate, or beneficiaries
- To administer pay and benefits and to provide you with information related to your business relationship with State Farm
- To recruit and retain State Farm agents, contractors and other business to business contacts
- For security purposes, for identity verification and to prevent fraud or loss of corporate assets
- In conjunction with an investigation
- For analytics, statistics and reporting
We restrict the use of personal health data that is shared with our vendors for business purposes.
State Farm does not sell personal health data as defined by the WMHMDA.
Current and former State Farm job applicants, agents, agent team members, contractors of State Farm and persons we interact with in their capacity of representing another business, have the privacy rights described in this section, subject to certain limitations. Personal information protected by other laws such as the Health Insurance Portability and Accountability Act (HIPAA), and the Fair Credit Reporting Act (FCRA) and Family Educational Rights and Privacy Act (FERPA) is exempted from the following WMHMDA rights. Personal health data provided to us or collected by us in connection your employment or business relationship with State Farm may be protected by these laws and not subject to the following rights granted by the WMHMDA.
You may submit a request described below or submit one through an authorized agent (examples of an authorized agent may include a power of attorney, guardian, conservator or one registered with the California Secretary of State). Requests submitted to us are subject to review, identification and verification. We will acknowledge receipt of your request and provide information about processing the request and the verification process. We may ask you for information which allows us to confirm your identity in relation to information we currently have. In addition, we may require notarization of any forms submitted. We will reimburse you for reasonable fees incurred for the notarization of documents. We may also ask for documentation verifying that your designated agent is authorized to act on your behalf. We may not be able to fulfill your request if we are unable to verify you are the consumer that is the subject of the request, or that the agent is, in fact, authorized to act on your behalf.
We will make reasonable efforts to identify personal health data that we collect, use and disclose to respond to your request. In some instances we may not be able to process a request because, for example, we may not be able to sufficiently verify your identity based on the information you provide to us in response to our verification process. In such instances, we will provide you with a written explanation as to the reason we cannot process your request.
In some cases, we may suggest that you receive the most recent or a summary of your personal health data and give you the opportunity to elect whether to receive the rest of your personal health data. We reserve the right to direct you to where you may access and copy responsive personal health data.
The WMHMDA contains several exemptions which may impact State Farm’s obligation to comply with any request made pursuant toWMHMDA. State Farm retains the right to apply any of the exemptions provided under WMHMDA to any request, at any time.
Instructions on making a request for personal health data that is not protected by laws such as HIPAA and/or FCRA are contained in the Contact Us section.
You have the right to request the following, which will be provided for a reasonable period prior to the request date (unless otherwise specified):
- The specific pieces of personal health data we have collected about you and are maintaining;
- The categories of personal health data we have collected about you;
- Whether or not we are collecting, sharing or selling your personal health data;
- A list of unaffiliated third parties and affiliates with whom we have shared or sold your personal health data and an active email address or other online mechanism to contact these parties.
You may request we delete your personal health data we collected and are maintaining. There may be instances where we are unable to delete personal health information. The personal health data may be:
- Necessary to complete a transaction or service you requested;
- Needed for security purposes;
- Needed to identify and repair system errors;
- Needed to prevent, detect, protect against or respond to any activity that is illegal under Washington state or federal law;
- Needed to investigate, report or prosecute any activity that is illegal under Washington state or federal law.
If you are a current or former State Farm applicant, you may submit requests pursuant to the Washington My Health My Data Act (WMHMDA) (such as Right to Know, Delete) in the following manner:
- Call us at 1-877-272-19991-877-272-1999
- Online:
- Via State Farm Forms if you have access to Company systems (you will need to be logged on at the time for access) OR
- Complete and return this form via U.S. Mail
If you are a current or former State Farm agent or agent team member you may submit requests pursuant to the Washington My Health My Data Act (WMHMDA) Right to Know, Delete) in the following manner:
- Call us at 1-800-859-25041-800-859-2504
- Online:
- Via State Farm Forms if you have access to Company systems (you will need to be logged on at the time for access) OR
- Complete and return this form via U.S. Mail
If you are a current or former business to business contact (e.g., employee of a vendor or service provider) you may submit requests pursuant to the Washington My Health My Data Act (WMHMDA) (Right to Know, Delete) in the following manner:
- Call us at 1-800-635-60351-800-635-6035
- Online:
- Via State Farm Forms if you have access to Company systems (you will need to be logged on at the time for access) OR
- Complete and return this form via U.S. Mail
For more information on your Washington privacy rights contact us at 800-635-6035800-635-6035 or email us. Or write to us at:
State Farm
Attention: Enterprise Compliance & Ethics – Office of Privacy, C-2
PO Box 2322
Bloomington, IL 61704-2322
If you need a copy of this notice in an alternative accessible format, please contact us using any of the above contact methods.
Si desea recibir una copia de esta notificación en español, por favor, póngase en contacto con su agente de State Farm o visite es.ebasd.com.
Last Updated 3/2024