(1) A person shall not do any of the following:

    (a) Make any electronic mail or other communication under false pretenses purporting to be by or on behalf of a business, without the authority or approval of the business, and use that electronic mail or other communication to induce, request, or solicit any individual to provide personal identifying information.

    (b) Create or operate a webpage that represents itself as belonging to or being associated with a business, without the authority or approval of that business, and induces, requests, or solicits any user of the internet to provide personal identifying information.

    (c) Alter a setting on a user's computer or similar device or software program through which the user may access the internet and cause any user of the internet to view a communication that represents itself as belonging to or being associated with a business, which message has been created or is operated without the authority or approval of that business, and induces, requests, or solicits any user of the internet to provide personal identifying information.

    (2) An interactive computer service provider shall not be held liable under any provision of the laws of this state for removing or disabling access to an internet domain name controlled or operated by the registrar or by the provider, or to content that resides on an internet website or other online location controlled or operated by the provider, that the provider believes in good faith is used to engage in a violation of this act. This act does not apply to a telecommunications provider's or internet service provider's good faith transmission or routing of, or intermediate temporary storing or caching of, personal identifying information.

    (3) The attorney general, or an interactive computer service provider harmed by a violation of subsection (1), may bring a civil action against a person who has violated that subsection.

    (4) Subsection (1) does not apply to the following:

    (a) A law enforcement officer while that officer is engaged in the performance of his or her official duties.

    (b) Any other individual authorized to conduct lawful investigations while that individual is engaged in a lawful investigation.

    (5) A person bringing an action under this section may recover 1 of the following:

    (a) Actual damages, including reasonable attorney fees.

    (b) In lieu of actual damages, reasonable attorney fees plus the lesser of the following:

    (i) $5,000.00 per violation.

    (ii) $250,000.00 for each day that a violation occurs.

    (6) If the attorney general has reason to believe that a person has violated section 7(a), (b), or (c) or this section, the attorney general may investigate the business transactions of that person. The attorney general may require that person to appear, at a reasonable time and place, to give information under oath and to produce any documents and evidence necessary to determine whether the person is in compliance with the requirements of that section.