Can I disclose personal information for a business purpose without complying with CCPA in Michigan? What are the requirements?

Disclosure of Personal Information for Business Purpose in Michigan

In Michigan, the CCPA (California Consumer Privacy Act) does not apply. However, Michigan has its own data privacy law called the Michigan Data Security Act (MCL 445.63). The Act requires businesses to implement and maintain reasonable security measures to protect personal information from unauthorized access, acquisition, disclosure, or destruction.

If you are a business that collects personal information, you may disclose personal information for a business purpose if you comply with the Michigan Data Security Act. The Act requires businesses to provide notice to individuals whose personal information is collected, maintain reasonable security measures, and obtain consent before disclosing personal information to third parties.

Additionally, if you are a business that collects personal information, you must provide individuals with the right to access, correct, and delete their personal information.

It is important to note that the Michigan Data Security Act does not apply to certain entities, such as financial institutions and healthcare providers, that are already subject to federal data privacy laws.

For more information on the Michigan Data Security Act, please refer to [1.5]:" >MICL 445.63.

Requirements for Disclosure of Confidential Information

If you are a business that has received financial or proprietary information from an applicant that is considered confidential, you must comply with the Michigan Economic Growth Authority Act (MEGA) (MICL 207.805).

Under MEGA, a record or portion of a record, material, or other data received, prepared, used, or retained by the authority in connection with an application for a tax credit that relates to financial or proprietary information submitted by the applicant that is considered by the applicant and acknowledged by the authority as confidential shall not be subject to the disclosure requirements of the freedom of information act.

However, if the designee of the authority determines that information submitted to the authority is financial or proprietary information and is confidential, the designee of the authority shall release a written statement, subject to disclosure under the freedom of information act, which states the name and business location of the person requesting that the information submitted be confidential as financial or proprietary information.

For more information on the Michigan Economic Growth Authority Act, please refer to [MICL 207.805]^[1.5].

In summary, if you are a business that collects personal information, you may disclose personal information for a business purpose if you comply with the Michigan Data Security Act. The Act requires businesses to provide notice to individuals whose personal information is collected, maintain reasonable security measures, and obtain consent before disclosing personal information to third parties.

Source(s):

• [1.5] Michigan economic growth authority; powers; quorum; meetings; business conducted at public meeting; confidential information; written statement; disclosure; “financial or proprietary information” defined.

Jurisdiction

Michigan

• Privacy