HOUSE BILL No. 4688

April 28, 2005, Introduced by Reps. Meisner, Farrah, Zelenko, Clack, Anderson, Vagnozzi, Kathleen Law, Waters, Gonzales, Polidori, Leland, Spade, Jones, Hopgood, Plakas, Wojno, Condino, Bieda, Kolb, Hood, Lipsey, Lemmons, Jr., McConico, Bennett, Accavitti, Gleason, Garfield, Sak and Tobocman and referred to the Committee on Banking and Financial Services.

 

     A bill to amend 1999 PA 276, entitled

 

"Banking code of 1999,"

 

(MCL 487.11101 to 487.15105) by adding sections 3914, 3915, and

 

3916.

 

THE PEOPLE OF THE STATE OF MICHIGAN ENACT:

 

     Sec. 3914. (1) A bank shall use reasonable care to secure

 

nonpublic personal financial information from unauthorized access.

 

     (2) A bank shall not disclose nonpublic personal financial

 

information to a person without the prior and specific informed

 

consent, in writing, of the individual to whom the nonpublic

 

personal financial information pertains. This subsection does not

 

apply if the disclosure is required by law.

 

     (3) A bank shall disclose nonpublic personal financial

 


information to which subsection (2) does not apply only if the

 

person to whom the disclosure is made agrees to protect and use the

 

disclosed information only in the manner authorized by the bank

 

under section 3915. This subsection does not apply to a disclosure

 

made to the commissioner, another governmental agency or entity, or

 

a court.

 

     (4) If an individual authorizes the release of nonpublic

 

personal financial information under subsection (2) to a specific

 

person, a bank shall disclose the information to that person only

 

if the person agrees not to release the information to another

 

person without another prior and specific informed consent from the

 

individual, in writing, authorizing the additional release.

 

     (5) This section does not preclude the release of information

 

pertaining to an individual to that individual by telephone if the

 

identity of the individual is verified.

 

     (6) As used in this section and section 3915:

 

     (a) "Nonpublic personal financial information" means

 

personally identifiable financial information and any list,

 

description, or other grouping of consumers and publicly available

 

information pertaining to them that is derived using any personally

 

identifiable financial information that is not publicly available.

 

Nonpublic personal financial information does not include any of

 

the following:

 

     (i) Financial information otherwise protected by state or

 

federal law.

 

     (ii) Publicly available information.

 

     (iii) Any list, description, or other grouping of consumers and

 


publicly available information pertaining to them that is derived

 

without using any personally identifiable financial information

 

that is not publicly available.

 

     (b) "Personally identifiable financial information" means any

 

of the following:

 

     (i) Information a consumer provides to a bank to obtain a

 

financial product or service from the bank.

 

     (ii) Information about a consumer resulting from any

 

transaction involving a financial product or service between a bank

 

and a consumer.

 

     (iii) Information a bank otherwise obtains about a consumer in

 

connection with providing a financial product or service to that

 

consumer.

 

     (c) "Publicly available information" means any information

 

that a bank has a reasonable basis to believe is lawfully made

 

available to the general public from federal, state, or local

 

government records by wide distribution by the media or by

 

disclosures to the general public that are required to be made by

 

federal, state, or local law. A bank has a reasonable basis to

 

believe that information is lawfully made available to the general

 

public if both of the following apply:

 

     (i) The bank has taken steps to determine that the information

 

is of the type that is available to the general public.

 

     (ii) If an individual can direct that the information not be

 

made available to the general public, the bank's consumer has not

 

directed that the information not be made available to the general

 

public.

 


     Sec. 3915. A bank shall establish and make public a policy

 

regarding the protection of privacy and the confidentiality of

 

nonpublic personal financial information. The policy shall do at

 

least all of the following:

 

     (a) Provide for the bank's implementation of the requirements

 

of this act and other applicable laws respecting collection,

 

security, use, release of, and access to nonpublic personal

 

financial information.

 

     (b) Identify the routine uses of nonpublic personal financial

 

information by the bank; prescribe the means by which individuals

 

will be notified regarding those uses; and provide for notification

 

regarding the actual release of nonpublic personal financial

 

information that may be identified with, or that may concern, an

 

individual, upon specific request by that individual. As used in

 

this subdivision, "routine use" means the ordinary use or release

 

of nonpublic personal financial information compatible with the

 

purpose for which the information was collected.

 

     (c) Assure that no person has access to nonpublic personal

 

financial information except on the basis of a need to know.

 

     (d) Establish the contractual or other conditions under which

 

the bank may release nonpublic personal financial information.

 

     (e) Provide that enrollment applications and claim forms

 

developed by the bank shall contain an individual's consent to the

 

release of data and information that is limited to the data and

 

information necessary for the proper review and payment of claims,

 

and shall reasonably notify individuals of their rights under the

 

bank's policy and applicable law.

 


     Sec. 3916. Sections 3914 and 3915 do not limit access to

 

records or enlarge or diminish the investigative and examination

 

powers of governmental agencies as provided for by law.