State Bill: 309
Michigan Compiled Laws: § 445.72
Effective Date: July 2, 2007
Definition of Personal Information: The first name or first initial and last name linked to one or more of the following data elements of a resident of this state:
(a) Social security number;
(b) Driver's license number or state personal identification card number; or
(c) Demand deposit or other financial account number, or credit card or debit card number, in combination with any required security code, access code, password that would permit access to any of the resident’s financial accounts.
Summary: Unless the person or agency determines that the security breach has not or is not likely to cause substantial loss or injury to, or result in identity theft with respect to, one or more residents of this state, a person or agency that owns or licenses data that are included in a database that discovers a security breach, or receives notice of a security breach shall provide a notice of the security breach to each resident of this state who meets one or more of the following:
(a) That resident's unencrypted and unredacted personal information was accessed and acquired by an unauthorized person.
(b) That resident's personal information was accessed and acquired in encrypted form by a person with unauthorized access to the encryption key.
Visit the state Web site