Ask Reggi Your Question Now
Can you summarize MICL 445.72?
IDENTITY THEFT PROTECTION ACT (445.61 - 445.79d) > Notice of security breach; requirements.
Short Summary
This section of the Michigan Compiled Laws, known as the Identity Theft Protection Act, outlines the requirements for providing notice of a security breach. It applies to persons or agencies that own or license data included in a database, as well as persons or agencies that maintain a database including data they do not own or license. Unless the security breach is determined to not cause substantial loss or injury or result in identity theft, notice of the breach must be provided to affected residents of Michigan. The notice can be provided through various means, including written notice, electronic notice, telephone notice, or substitute notice. The notice must describe the security breach, the type of personal information accessed, and any measures taken to protect data from further breaches. Failure to provide notice or providing false notice can result in misdemeanor charges and civil fines. However, certain exemptions apply, such as access or acquisition of government records available to the public.
Whom does it apply to?
Persons or agencies that own or license data included in a database, persons or agencies that maintain a database including data they do not own or license
What does it govern?
Notice of security breach requirements
What are exemptions?
Access or acquisition of federal, state, or local government records or documents lawfully made available to the general public
What are the Penalties?
Misdemeanor punishable by imprisonment for up to 93 days or a fine of up to $250.00 for each violation, with increased penalties for subsequent violations. Civil fines of up to $250.00 per failure to provide notice, with an aggregate liability of up to $750,000.00 for multiple violations arising from the same security breach.
Jurisdiction
Michigan