HOUSE BILL No. 6406

 

 

September 27, 2018, Introduced by Reps. Graves and Bellino and referred to the Committee on Financial Services.

 

     A bill to amend 2004 PA 452, entitled

 

"Identity theft protection act,"

 

by amending the title and section 3 (MCL 445.63), the title as

 

amended by 2006 PA 566 and section 3 as amended by 2010 PA 318; and

 

to repeal acts and parts of acts.

 

THE PEOPLE OF THE STATE OF MICHIGAN ENACT:

 

TITLE

 

     An act to prohibit certain acts and practices concerning

 

identity theft; to require notification of a security breach of a

 

database that contains certain personal information; to provide for

 

the powers and duties of certain state and local governmental

 

officers and entities; to prescribe penalties and provide remedies;

 

and to repeal acts and parts of acts.

 

     Sec. 3. As used in this act:

 

     (a) "Agency" means a department, board, commission, office,


agency, authority, or other unit of state government of this state.

 

The term includes an institution of higher education of this state.

 

The term does not include a circuit, probate, district, or

 

municipal court.

 

     (b) "Breach of the security of a database" or "security

 

breach" means the unauthorized access and acquisition of data that

 

compromises the security or confidentiality of personal information

 

maintained by a person or agency as part of a database of personal

 

information regarding multiple individuals. These terms do not

 

include unauthorized access to data by an employee or other

 

individual if the access meets all of the following:

 

     (i) The employee or other individual acted in good faith in

 

accessing the data.

 

     (ii) The access was related to the activities of the agency or

 

person.

 

     (iii) The employee or other individual did not misuse any

 

personal information or disclose any personal information to an

 

unauthorized person.

 

     (a) (c) "Child or spousal support" means support for a child

 

or spouse, paid or provided pursuant to state or federal law under

 

a court order or judgment. Support includes, but is not limited to,

 

any of the following:

 

     (i) Expenses for day-to-day care.

 

     (ii) Medical, dental, or other health care.

 

     (iii) Child care expenses.

 

     (iv) Educational expenses.

 

     (v) Expenses in connection with pregnancy or confinement under


the paternity act, 1956 PA 205, MCL 722.711 to 722.730.

 

     (vi) Repayment of genetic testing expenses, under the

 

paternity act, 1956 PA 205, MCL 722.711 to 722.730.

 

     (vii) A surcharge as provided by section 3a of the support and

 

parenting time enforcement act, 1982 PA 295, MCL 552.603a.

 

     (b) (d) "Credit card" means that term as defined in section

 

157m of the Michigan penal code, 1931 PA 328, MCL 750.157m.

 

     (e) "Data" means computerized personal information.

 

     (c) (f) "Depository institution" means a state or nationally

 

chartered bank or a state or federally chartered savings and loan

 

association, savings bank, or credit union.

 

     (g) "Encrypted" means transformation of data through the use

 

of an algorithmic process into a form in which there is a low

 

probability of assigning meaning without use of a confidential

 

process or key, or securing information by another method that

 

renders the data elements unreadable or unusable.

 

     (d) (h) "False pretenses" includes, but is not limited to, a

 

false, misleading, or fraudulent representation, writing,

 

communication, statement, or message, communicated by any means to

 

another person, that the maker of the representation, writing,

 

communication, statement, or message knows or should have known is

 

false or fraudulent. The false pretense may be a representation

 

regarding a past or existing fact or circumstance or a

 

representation regarding the intention to perform a future event or

 

to have a future event performed.

 

     (e) (i) "Financial institution" means a depository

 

institution, an affiliate of a depository institution, a licensee


under the consumer financial services act, 1988 PA 161, MCL

 

487.2051 to 487.2072, 1984 PA 379, MCL 493.101 to 493.114, the

 

motor vehicle sales finance act, 1950 (Ex Sess) PA 27, MCL 492.101

 

to 492.141, the secondary mortgage loan act, 1981 PA 125, MCL

 

493.51 to 493.81, the mortgage brokers, lenders, and servicers

 

licensing act, 1987 PA 173, MCL 445.1651 to 445.1684, or the

 

regulatory loan act, 1939 PA 21, MCL 493.1 to 493.24, a seller

 

under the home improvement finance act, 1965 PA 332, MCL 445.1101

 

to 445.1431, or the retail installment sales act, 1966 PA 224, MCL

 

445.851 to 445.873, or a person subject to subtitle A of title V of

 

the Gramm-Leach-Bliley act, 15 USC 6801 to 6809.

 

     (f) (j) "Financial transaction device" means that term as

 

defined in section 157m of the Michigan penal code, 1931 PA 328,

 

MCL 750.157m.

 

     (g) (k) "Identity theft" means engaging in an act or conduct

 

prohibited in section 5(1).

 

     (h) (l) "Interactive computer service" means an information

 

service or system that enables computer access by multiple users to

 

a computer server, including, but not limited to, a service or

 

system that provides access to the internet or to software services

 

available on a server.

 

     (i) (m) "Law enforcement agency" means that term as defined in

 

section 2804 of the public health code, 1978 PA 368, MCL 333.2804.

 

     (j) (n) "Local registrar" means that term as defined in

 

section 2804 of the public health code, 1978 PA 368, MCL 333.2804.

 

     (k) (o) "Medical records or information" includes, but is not

 

limited to, medical and mental health histories, reports,


summaries, diagnoses and prognoses, treatment and medication

 

information, notes, entries, and x-rays X-rays and other imaging

 

records.

 

     (l) (p) "Person" means an individual, partnership,

 

corporation, limited liability company, association, or other legal

 

entity.

 

     (m) (q) "Personal identifying information" means a name,

 

number, or other information that is used for the purpose of

 

identifying a specific person or providing access to a person's

 

financial accounts, including, but not limited to, a person's name,

 

address, telephone number, driver license or state personal

 

identification card number, social security Social Security number,

 

place of employment, employee identification number, employer or

 

taxpayer identification number, government passport number, health

 

insurance identification number, mother's maiden name, demand

 

deposit account number, savings account number, financial

 

transaction device account number or the person's account password,

 

any other account password in combination with sufficient

 

information to identify and access the account, automated or

 

electronic signature, biometrics, stock or other security

 

certificate or account number, credit card number, vital record, or

 

medical records or information.

 

     (r) "Personal information" means the first name or first

 

initial and last name linked to 1 or more of the following data

 

elements of a resident of this state:

 

     (i) Social security number.

 

     (ii) Driver license number or state personal identification


card number.

 

     (iii) Demand deposit or other financial account number, or

 

credit card or debit card number, in combination with any required

 

security code, access code, or password that would permit access to

 

any of the resident's financial accounts.

 

     (n) (s) "Public utility" means that term as defined in section

 

1 of 1972 PA 299, MCL 460.111.

 

     (t) "Redact" means to alter or truncate data so that no more

 

than 4 sequential digits of a driver license number, state personal

 

identification card number, or account number, or no more than 5

 

sequential digits of a social security number, are accessible as

 

part of personal information.

 

     (o) (u) "State registrar" means that term as defined in

 

section 2805 of the public health code, 1978 PA 368, MCL 333.2805.

 

     (p) (v) "Trade or commerce" means that term as defined in

 

section 2 of the Michigan consumer protection act, 1971 1976 PA

 

331, MCL 445.902.

 

     (q) (w) "Vital record" means that term as defined in section

 

2805 of the public health code, 1978 PA 368, MCL 333.2805.

 

     (x) "Webpage" means a location that has a uniform resource

 

locator or URL with respect to the world wide web or another

 

location that can be accessed on the internet.

 

     Enacting section 1. Sections 12, 12a, and 12b of the identity

 

theft protection act, 2004 PA 452, MCL 445.72, 445.72a, and

 

445.72b, are repealed.

 

     Enacting section 2. This amendatory act takes effect 90 days

 

after the date it is enacted into law.


     Enacting section 3. This amendatory act does not take effect

 

unless Senate Bill No.____ or House Bill No.6405 (request no.

 

06246'18 *) of the 99th Legislature is enacted into law.