SENATE BILL No. 429

 

 

April 26, 2005, Introduced by Senators CHERRY, JACOBS, BASHAM, PRUSI, THOMAS, OLSHOVE, BERNERO, SCOTT, LELAND, EMERSON, SCHAUER, CLARK-COLEMAN, BRATER, BARCIA and CLARKE and referred to the Committee on Banking and Financial Institutions.

 

 

 

     A bill to amend 1980 PA 307, entitled

 

"Savings and loan act of 1980,"

 

(MCL 491.102 to 491.1202) by adding sections 1136, 1137, and 1138.

 

THE PEOPLE OF THE STATE OF MICHIGAN ENACT:

 

     Sec. 1136. (1) An association shall use reasonable care to

 

secure nonpublic personal financial information from unauthorized

 

access.

 

     (2) An association shall not disclose nonpublic personal

 

financial information to a person without the prior and specific

 

informed consent, in writing, of the individual to whom the

 

nonpublic personal financial information pertains. This subsection

 

does not apply if the disclosure is required by law.

 

     (3) An association shall disclose nonpublic personal financial


 

information to which subsection (2) does not apply only if the

 

person to whom the disclosure is made agrees to protect and use the

 

disclosed information only in the manner authorized by the

 

association under section 1137. This subsection does not apply to a

 

disclosure made to the supervisor, another governmental agency or

 

entity, or a court.

 

     (4) If an individual authorizes the release of nonpublic

 

personal financial information under subsection (2) to a specific

 

person, an association shall disclose the information to that

 

person only if the person agrees not to release the information to

 

another person without another prior and specific informed consent

 

from the individual, in writing, authorizing the additional

 

release.

 

     (5) This section does not preclude the release of information

 

pertaining to an individual to that individual by telephone if the

 

identity of the individual is verified.

 

     (6) As used in this section and section 1137:

 

     (a) "Nonpublic personal financial information" means

 

personally identifiable financial information and any list,

 

description, or other grouping of consumers and publicly available

 

information pertaining to them that is derived using any personally

 

identifiable financial information that is not publicly available.

 

Nonpublic personal financial information does not include any of

 

the following:

 

     (i) Financial information otherwise protected by state or

 

federal law.

 

     (ii) Publicly available information.


 

     (iii) Any list, description, or other grouping of consumers and

 

publicly available information pertaining to them that is derived

 

without using any personally identifiable financial information

 

that is not publicly available.

 

     (b) "Personally identifiable financial information" means any

 

of the following:

 

     (i) Information a consumer provides to an association to obtain

 

a financial product or service from the association.

 

     (ii) Information about a consumer resulting from any

 

transaction involving a financial product or service between an

 

association and a consumer.

 

     (iii) Information an association otherwise obtains about a

 

consumer in connection with providing a financial product or

 

service to that consumer.

 

     (c) "Publicly available information" means any information

 

that an association has a reasonable basis to believe is lawfully

 

made available to the general public from federal, state, or local

 

government records by wide distribution by the media or by

 

disclosures to the general public that are required to be made by

 

federal, state, or local law. An association has a reasonable basis

 

to believe that information is lawfully made available to the

 

general public if both of the following apply:

 

     (i) The association has taken steps to determine that the

 

information is of the type that is available to the general public.

 

     (ii) If an individual can direct that the information not be

 

made available to the general public, that the association's

 

consumer has not directed that the information not be made


 

available to the general public.

 

     Sec. 1137. An association shall establish and make public a

 

policy regarding the protection of privacy and the confidentiality

 

of nonpublic personal financial information. The policy shall do at

 

least all of the following:

 

     (a) Provide for the association's implementation of the

 

requirements of this act and other applicable laws respecting

 

collection, security, use, release of, and access to nonpublic

 

personal financial information.

 

     (b) Identify the routine uses of nonpublic personal financial

 

information by the association; prescribe the means by which

 

individuals will be notified regarding those uses; and provide for

 

notification regarding the actual release of nonpublic personal

 

financial information that may be identified with, or that may

 

concern, an individual, upon specific request by that individual.

 

As used in this subdivision, "routine use" means the ordinary use

 

or release of nonpublic personal financial information compatible

 

with the purpose for which the information was collected.

 

     (c) Assure that no person has access to nonpublic personal

 

financial information except on the basis of a need to know.

 

     (d) Establish the contractual or other conditions under which

 

the association may release nonpublic personal financial

 

information.

 

     (e) Provide that enrollment applications and claim forms

 

developed by the association shall contain an individual's consent

 

to the release of data and information that is limited to the data

 

and information necessary for the proper review and payment of


 

claims, and shall reasonably notify individuals of their rights

 

under the association's policy and applicable law.

 

     Sec. 1138. Sections 1136 and 1137 do not limit access to

 

records or enlarge or diminish the investigative and examination

 

powers of governmental agencies as provided for by law.