April 28, 2005, Introduced by Reps. Meisner, Farrah, Zelenko, Clack, Anderson, Vagnozzi, Kathleen Law, Waters, Gonzales, Polidori, Leland, Spade, Jones, Hopgood, Plakas, Wojno, Condino, Bieda, Kolb, Hood, Lipsey, Lemmons, Jr., McConico, Bennett, Accavitti, Gleason, Garfield, Sak and Tobocman and referred to the Committee on Banking and Financial Services.
A bill to amend 1999 PA 276, entitled
"Banking code of 1999,"
(MCL 487.11101 to 487.15105) by adding sections 3914, 3915, and
3916.
THE PEOPLE OF THE STATE OF MICHIGAN ENACT:
Sec. 3914. (1) A bank shall use reasonable care to secure
nonpublic personal financial information from unauthorized access.
(2) A bank shall not disclose nonpublic personal financial
information to a person without the prior and specific informed
consent, in writing, of the individual to whom the nonpublic
personal financial information pertains. This subsection does not
apply if the disclosure is required by law.
(3) A bank shall disclose nonpublic personal financial
information to which subsection (2) does not apply only if the
person to whom the disclosure is made agrees to protect and use the
disclosed information only in the manner authorized by the bank
under section 3915. This subsection does not apply to a disclosure
made to the commissioner, another governmental agency or entity, or
a court.
(4) If an individual authorizes the release of nonpublic
personal financial information under subsection (2) to a specific
person, a bank shall disclose the information to that person only
if the person agrees not to release the information to another
person without another prior and specific informed consent from the
individual, in writing, authorizing the additional release.
(5) This section does not preclude the release of information
pertaining to an individual to that individual by telephone if the
identity of the individual is verified.
(6) As used in this section and section 3915:
(a) "Nonpublic personal financial information" means
personally identifiable financial information and any list,
description, or other grouping of consumers and publicly available
information pertaining to them that is derived using any personally
identifiable financial information that is not publicly available.
Nonpublic personal financial information does not include any of
the following:
(i) Financial information otherwise protected by state or
federal law.
(ii) Publicly available information.
(iii) Any list, description, or other grouping of consumers and
publicly available information pertaining to them that is derived
without using any personally identifiable financial information
that is not publicly available.
(b) "Personally identifiable financial information" means any
of the following:
(i) Information a consumer provides to a bank to obtain a
financial product or service from the bank.
(ii) Information about a consumer resulting from any
transaction involving a financial product or service between a bank
and a consumer.
(iii) Information a bank otherwise obtains about a consumer in
connection with providing a financial product or service to that
consumer.
(c) "Publicly available information" means any information
that a bank has a reasonable basis to believe is lawfully made
available to the general public from federal, state, or local
government records by wide distribution by the media or by
disclosures to the general public that are required to be made by
federal, state, or local law. A bank has a reasonable basis to
believe that information is lawfully made available to the general
public if both of the following apply:
(i) The bank has taken steps to determine that the information
is of the type that is available to the general public.
(ii) If an individual can direct that the information not be
made available to the general public, the bank's consumer has not
directed that the information not be made available to the general
public.
Sec. 3915. A bank shall establish and make public a policy
regarding the protection of privacy and the confidentiality of
nonpublic personal financial information. The policy shall do at
least all of the following:
(a) Provide for the bank's implementation of the requirements
of this act and other applicable laws respecting collection,
security, use, release of, and access to nonpublic personal
financial information.
(b) Identify the routine uses of nonpublic personal financial
information by the bank; prescribe the means by which individuals
will be notified regarding those uses; and provide for notification
regarding the actual release of nonpublic personal financial
information that may be identified with, or that may concern, an
individual, upon specific request by that individual. As used in
this subdivision, "routine use" means the ordinary use or release
of nonpublic personal financial information compatible with the
purpose for which the information was collected.
(c) Assure that no person has access to nonpublic personal
financial information except on the basis of a need to know.
(d) Establish the contractual or other conditions under which
the bank may release nonpublic personal financial information.
(e) Provide that enrollment applications and claim forms
developed by the bank shall contain an individual's consent to the
release of data and information that is limited to the data and
information necessary for the proper review and payment of claims,
and shall reasonably notify individuals of their rights under the
bank's policy and applicable law.
Sec. 3916. Sections 3914 and 3915 do not limit access to
records or enlarge or diminish the investigative and examination
powers of governmental agencies as provided for by law.