2024 Senate Bill 888

Consumer protection: identity theft; identity theft protection act; modify.

A bill to amend 2004 PA 452, entitled “Identity theft protection act,” by amending sections 3, 12, and 12b (MCL 445.63, 445.72, and 445.72b), section 3 as amended by 2010 PA 318 and sections 12 and 12b as amended by 2010 PA 315, and by adding sections 11a, 11b, 20, 20a, 20b, and 20c; and to repeal acts and parts of acts.

AI Analysis – Experimental

Senate Bill No. 888 aims to amend and expand the Identity Theft Protection Act (2004 PA 452). The bill proposes changes to sections 3, 12, and 12b, and introduces new sections 11a, 11b, 20, 20a, 20b, and 20c, while repealing certain acts and parts of acts. It clarifies and broadens key definitions related to identity theft protection, including terms like "agency," "encrypted," "financial institution," "identity theft," "personal identifying information," and "public utility," among others.

The bill mandates that entities handling personal information implement reasonable security procedures to prevent unlawful use or disclosure. These procedures must be appropriate to the entity's size, the nature and amount of personal information handled, and the entity's resources. In case of a security breach, entities are required to conduct prompt investigations, notify affected individuals and the attorney general if over 100 residents are affected, and take steps to restore security. The bill specifies how notices to affected individuals should be delivered and what information they must contain, including details of the breach and advice on how to protect oneself from identity theft.

Financial institutions and entities compliant with federal regulations like HIPAA are deemed in compliance with this bill's requirements. The bill also sets forth specific notification methods for public utilities and establishes penalties for misrepresenting security breaches or failing to comply with the bill's provisions. Civil actions for injunctive relief and fines can be brought against entities that do not implement required security procedures, investigate breaches, or provide necessary notices.

Introduced in the Senate

May 30, 2024

Introduced by Sen. Rosemary Bayer (D-13)

Referred to the Committee on Finance, Insurance, and Consumer Protection

Dec. 11, 2024

Reported with substitute S-1

Dec. 12, 2024

Referred to the Committee of the Whole

Reported with substitute S-1

Substitute S-1 concurred in by voice vote

Passed in the Senate 20 to 15 (details)

Received in the House

Dec. 13, 2024

Referred to the Committee on Government Operations