SB 360 - Reduces Data Breaches - Michigan Key Vote

Title: Reduces Data Breaches

Vote Smart's Synopsis:

Vote to pass a bill that reduces data breaches in Michigan.

Highlights:

  • Expands protection of personal information to include the following (Sec. 3):

    • Medical records;

    • Health insurance information;

    • Usernames or email addresses; and

    • Genetic or biometric information used to verify one's identity.

  • Requires persons or agencies that interact with personal information to implement and maintain reasonable security measures and carry out the following (Sec. 3):

    • Identify an employee who will be responsible for coordinating security protocols;

    • Identify internal and external risks for security breaches;

    • Include appropriate safeguards for personal information designed to mitigate the risks identified;

    • Provide assessments of the effectiveness of safeguards;

    • Require service providers of the person or agency to maintain appropriate security safeguards; and

    • Evaluate and adjust security protocols to account for changes in circumstances.

  • Requires third-party agents that discover security breaches to provide notice to the person or agency within a reasonable time period (Sec. 12).

  • Requires persons or agencies who are required to notify 100 or more residents of the state to notify the Attorney General and detail the events surrounding the security breach and steps being taken to investigate and prevent future security breaches (Sec. 12).

  • Requires persons or agencies to notify consumers affected by the breach and notify the Attorney General of their plan to notify the affected individuals (Sec. 12).

  • Requires individuals who have experienced a breach of Social Security or Taxpayer Identification Number to be offered identity theft protection services that must be free of charge for at least 24 months (Sec. 12).

  • Authorizes the Attorney General to institute civil actions to investigate the breach, including the ability to require the person or agency in violation to appear under oath (Sec. 20).

  • Establishes a fine of up to $25,000 for individuals who attempt to avoid or evade a demand or court order (Sec. 20).

  • Establishes a fine of up to $2,000 for individuals or agencies that fail to implement and maintain reasonable security measures (Sec. 20).

  • Establishes a fine of up to $250 for persons or agencies that fail to provide notice of a security breach (Sec. 20).

  • Authorizes the circuit court upon petition of the Attorney General to prevent a person from doing business in the state if they knowingly evade the requirements of this act (Sec. 20).
