Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

Michigan
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable delay

FINES & PENALTIES – Violations
$250 per failed notice

Legal

Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

Michigan Privacy Law Information

DEFINITION OF PERSONAL INFORMATION

Michigan’s laws have a wide-ranging definition of what is considered personal identifying information relating to financial accounts, which includes biometric data, account numbers and passwords.

PRIVACY PROGRAM

Organizations must have in place measures to destroy or arrange for the destruction of consumer’s personal identifying records so that the records are made unreadable or indecipherable.

BREACH REPORTING

Breach reporting for cases involving 1,000 or more residents of Michigan must be made without unreasonable delay to each consumer reporting agency that compiles and maintains files on consumers on a nationwide basis.

CONSUMER NOTIFICATION

There are specific requirements for consumer notification. If a breach affects residents of other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

VENDOR/THIRD PARTIES
Vendors must notify Organizations without delay after the discovery of a breach or suspected breach. The Organization will be responsible to complete any required regulatory reporting and consumer notification. Vendors who are “an individual, partnership, corporation, limited liability company, association, or other legal entity” and “maintains a database that includes personal information” must have measures in place for the destruction of records containing personal information.
INDUSTRY SPECIFIC LAWS

Michigan passed the Insurance Data Security Law, which includes requirements for insurance licensees to protect personal information and investigate and respond to breaches of security. Effective January 20, 2021, licensees must comply with the breach notification requirements, including Commissioner notification within 10 business days.

FINES & PENALTIES

Failure to provide any notice of a security breach as required may result in a civil fine of up to $250 for each failure to provide notice (with the collective liability for civil fines that arise from the same security breach up to $750,000). The Attorney General or a prosecuting attorney may bring an action to recover a civil fine. Violations of data disposal requirements have a misdemeanor penalty punishable by a fine of up to $250 for each violation.

Michigan Statutes and Laws

MICH. COMP. LAWS §§ 333.26261 – 333.26271

Medical Records Access Act

MICH. COMP. LAWS § 380.1136

Protection of pupil privacy

MICH. COMP. LAWS § 445.63

Definitions

MICH. COMP. LAWS § 445.72

Notice of security breach; requirements

MICH. COMP. LAWS CH. 445, ACT 452

Identity theft protection act

MICH. COMP. LAWS § 445.83

Prohibited use of social security number of employee, student, or other individual

MICH. COMP. LAWS § 445.72A

Destruction of data containing personal information required

MICH. COMP. LAWS §§ 500.501 – 500-547

Insurance Code: Privacy of financial information

MICH. COMP. LAWS §§ 500.550 – 500.565

Insurance Code; Data security

DISCLAIMER

The information provided is not legal guidance or recommendations and are for informational purposes only.