HB-5635, As Passed House, December 16, 2009

 

 

 

 

 

 

 

 

 

 

 

 

 

HOUSE BILL No. 5635

 

December 1, 2009, Introduced by Reps. Lisa Brown, Liss, Haugh, Gregory, Slavens, Segal, Switalski, Geiss, Constan, Huckleberry, Tlaib, Robert Jones, Durhal, Cushingberry, Womack, Lemmons, Young, Nathan, Stanley, Roberts, Gonzales, Leland and Lipton and referred to the Committee on Insurance.

 

     A bill to amend 1956 PA 218, entitled

 

"The insurance code of 1956,"

 

by amending sections 503, 515, 527, and 543 (MCL 500.503, 500.515,

 

500.527, and 500.543), as added by 2001 PA 24, and by adding

 

sections 504, 506, and 510; and to repeal acts and parts of acts.

 

THE PEOPLE OF THE STATE OF MICHIGAN ENACT:

 

     Sec. 503. As used in this chapter:

 

     (a) "Affiliate" means any company that controls, is controlled

 

by, or is under common control with another company.

 

     (b) "Annual notice" means the privacy notice required in

 

section 513.

 

     (c) "Clear and conspicuous" means that a notice is reasonably

 

understandable and designed to call attention to the nature and

 


significance of the information in the notice.

 

     (d) "Collect" means to obtain information that the licensee

 

organizes or can retrieve by the name of an individual or by

 

identifying number, symbol, or other identifying particular

 

assigned to the individual, irrespective of the source of the

 

underlying information.

 

     (e) "Company" means any corporation, limited liability

 

company, business trust, general or limited partnership,

 

association, sole proprietorship, or similar organization.

 

     (b) (f) "Consumer" means an individual, or the individual's

 

legal representative, who seeks to obtain, obtains, or has obtained

 

an insurance product or service from a licensee that is to be used

 

primarily for personal, family, or household purposes. As used in

 

this chapter:

 

     (i) "Consumer" includes, but is not limited to, all of the

 

following:

 

     (A) An individual who provides nonpublic personal information

 

to a licensee in connection with obtaining or seeking to obtain

 

financial, investment, or economic advisory services relating to an

 

insurance product or service. An individual is a consumer under

 

this subparagraph regardless of whether the licensee establishes an

 

ongoing advisory relationship.

 

     (B) An applicant for insurance prior to the inception of

 

insurance coverage.

 

     (C) An individual that a licensee discloses nonpublic,

 

personal financial information about to a nonaffiliated third

 

party, other than as permitted under sections 535, 537, and 539, if

 


the individual is any of the following:

 

     (I) A beneficiary of a life insurance policy underwritten by

 

the licensee.

 

     (II) A claimant under an insurance policy issued by the

 

licensee.

 

     (III) An insured under an insurance policy or an annuitant

 

under an annuity issued by the licensee.

 

     (IV) A mortgagor of a mortgage covered under a mortgage

 

insurance policy.

 

     (ii) So long as the licensee provides the initial, annual , and

 

revised notices under this chapter to the plan sponsor, group or

 

blanket insurance policyholders, and group annuity contract holder

 

and does not disclose to a nonaffiliated third party nonpublic

 

personal financial information, other than as permitted under

 

sections 535, 537, and 539, "consumer" does not include an

 

individual solely because he or she meets 1 of the following:

 

     (A) Is a participant or a beneficiary of an employee benefit

 

plan that the licensee administers or sponsors or for which the

 

licensee acts as a trustee, insurer, or fiduciary.

 

     (B) Is covered under a group or blanket insurance policy or

 

group annuity contract issued by the licensee.

 

     (iii) "Consumer" does not include an individual solely because

 

he or she meets 1 of the following:

 

     (A) Is a beneficiary of a trust for which the licensee is a

 

trustee.

 

     (B) Has designated the licensee as trustee for a trust.

 

     (g) "Consumer reporting agency" has the same meaning as in

 


section 603(f) of the federal fair credit reporting act, title VI

 

of the consumer credit act, public law 90-321, 15 U.S.C. 1681a.

 

     (c) (h) "Customer" means a consumer who has a customer

 

relationship with a licensee. However, customer does not include an

 

individual solely because he or she meets 1 of the following:

 

     (i) Is a participant or a beneficiary of an employee benefit

 

plan that the licensee administers or sponsors or for which the

 

licensee acts as a trustee, insurer, or fiduciary.

 

     (ii) Is covered under a group or blanket insurance policy or

 

group annuity contract issued by the licensee.

 

     (iii) Is a beneficiary or claimant under a policy of insurance.

 

     (i) "Customer relationship" means a continuing relationship

 

between a consumer and a licensee under which the licensee provides

 

1 or more insurance products or services to the consumer that are

 

to be used primarily for personal, family, or household purposes.

 

     (j) "Initial notice" means the privacy notice required in

 

section 507.

 

     (k) "Insurance product or service" means any product or

 

service that is offered by a licensee pursuant to the insurance

 

laws of this state or pursuant to a federal insurance program.

 

Insurance service includes a licensee's evaluation, brokerage, or

 

distribution of information that the licensee collects in

 

connection with a request or an application from a consumer for an

 

insurance product or service.

 

     (d) (l) "Licensee" means a licensed insurer or producer, and

 

other persons licensed or required to be licensed, authorized or

 

required to be authorized, registered or required to be registered,

 


or holding or required to hold a certificate of authority under

 

this act. Licensee includes, except as otherwise provided, a

 

nonprofit health care corporation operating pursuant to the

 

nonprofit health care corporation reform act, 1980 PA 350, MCL

 

550.1101 to 550.1704, and a nonprofit dental care corporation

 

operating pursuant to 1963 PA 125, MCL 550.351 to 550.373. Licensee

 

includes an unauthorized insurer who places business through a

 

licensed surplus line agent or broker in this state, but only for

 

the surplus line placements placed under chapter 19. Licensee does

 

not include any of the following:

 

     (i) A nonprofit health care corporation for member personal

 

data and information otherwise protected under section 406 of the

 

nonprofit health care corporation reform act, 1980 PA 350, MCL

 

550.1406.

 

     (ii) The Michigan life and health guaranty association and the

 

property and casualty guaranty association.

 

     (iii) The Michigan automobile insurance placement facility, the

 

Michigan worker's compensation placement facility, and the assigned

 

claims facility created under section 3171. However, servicing

 

carriers for these facilities are licensees.

 

     (e) (m) "Nonaffiliated third party" means any person except a

 

licensee's affiliate or a person employed jointly by a licensee and

 

any company that is not the licensee's affiliate. Nonaffiliated

 

third party includes the other company that jointly employs a

 

person with a licensee. Nonaffiliated third party also includes any

 

company that is an affiliate solely by virtue of the direct or

 

indirect ownership or control of the company by the licensee or its

 


affiliate in conducting merchant banking or investment banking

 

activities of the type described in section 4(k)(4)(H) of the bank

 

holding company act of 1956, chapter 240, 70 Stat. 135, 12 U.S.C.

 

1843 12 USC 1843(k)(4)(H), or insurance company investment

 

activities of the type described in section 4(k)(4)(I) of the bank

 

holding company act of 1956, chapter 240, 70 Stat. 135, 12 U.S.C.

 

1843 12 USC 1843(k)(4)(I).

 

     (f) (n) "Nonpublic personal financial information" means age,

 

sex, race, occupation, level of education, address, type of car

 

driven, average number of miles driven annually, and personally

 

identifiable financial information and any list, description, or

 

other grouping of consumers and publicly available information

 

pertaining to them that is derived using any personally

 

identifiable financial information that is not publicly available.

 

Nonpublic personal financial information does not include any of

 

the following:

 

     (i) Health and medical information otherwise protected by state

 

or federal law.

 

     (ii) Publicly available information.

 

     (iii) Any list, description, or other grouping of consumers and

 

publicly available information pertaining to them that is derived

 

without using any personally identifiable financial information

 

that is not publicly available.

 

     (o) "Opt out" means a direction by the consumer that the

 

licensee not disclose nonpublic personal financial information

 

about that consumer to a nonaffiliated third party, other than as

 

permitted by sections 535, 537, and 539.

 


     (g) (p) "Personally identifiable financial information" means

 

any of the following:

 

     (i) Information a consumer provides to a licensee to obtain an

 

insurance product or service from the licensee.

 

     (ii) Information about a consumer resulting from any

 

transaction involving an insurance product or service between a

 

licensee and a consumer.

 

     (iii) Information the licensee otherwise obtains about a

 

consumer in connection with providing an insurance product or

 

service to that consumer.

 

     (h) (q) "Producer" means a person required to be licensed

 

under this act to sell, solicit, or negotiate insurance.

 

     (i) (r) "Publicly available information" means any information

 

that a licensee has a reasonable basis to believe is lawfully made

 

available to the general public from federal, state, or local

 

government records by wide distribution by the media or by

 

disclosures to the general public that are required to be made by

 

federal, state, or local law. Publicly available information does

 

not include the information listed as nonpublic personal financial

 

information. A licensee has a reasonable basis to believe that

 

information is lawfully made available to the general public if

 

both of the following apply:

 

     (i) The licensee has taken steps to determine that the

 

information is of the type that is available to the general public.

 

     (ii) If an individual can direct that the information not be

 

made available to the general public, that the licensee's consumer

 

has not directed that the information not be made available to the

 


general public.

 

     (s) "Revised notice" means the privacy notice required in

 

section 525.

 

     Sec. 504. (1) A licensee shall use reasonable care to secure

 

nonpublic personal financial information from unauthorized access.

 

Except as is necessary or when required by law, a licensee shall

 

not disclose nonpublic personal financial information to a person

 

without the prior and specific informed consent of the consumer to

 

whom the nonpublic personal financial information pertains. The

 

consumer's consent shall be in writing. Except when a disclosure is

 

made to the commissioner or another governmental agency, a court,

 

or any other governmental entity, a licensee shall make a

 

disclosure for which prior and specific informed consent is not

 

required upon the condition that the person to whom the disclosure

 

is made protect and use the disclosed information only in the

 

manner authorized by the licensee, pursuant to section 506. If a

 

consumer has authorized the release of nonpublic personal financial

 

information to a specific person, a licensee shall make a

 

disclosure to that person upon the condition that the person shall

 

not release the data to a third person unless the consumer executes

 

in writing another prior and specific informed consent authorizing

 

the additional release.

 

     (2) This section does not preclude the release of information

 

to an individual, pertaining to that individual, by telephone, if

 

the identity of the individual is verified.

 

     Sec. 506. The licensee shall establish and make public the

 

policy of the licensee regarding the protection of privacy and the

 


confidentiality of nonpublic personal financial information. The

 

policy, at a minimum, shall do all of the following:

 

     (a) Provide for the licensee's implementation of provisions in

 

this chapter and other applicable laws and guidelines respecting

 

collection, security, use, release of, and access to nonpublic

 

personal financial information.

 

     (b) Identify the routine uses of nonpublic personal financial

 

information by the licensee; prescribe the means by which consumers

 

will be notified regarding those uses; and provide for notification

 

regarding the actual release of nonpublic personal financial

 

information that may be identified with, or that may concern, a

 

consumer, upon specific request by that consumer. As used in this

 

subdivision, "routine use" means the ordinary use or release of

 

nonpublic personal financial information compatible with the

 

purpose for which the information was collected.

 

     (c) Assure that no person shall have access to nonpublic

 

personal financial information except as required by law.

 

     (d) Establish the contractual or other conditions under which

 

nonpublic personal financial information will be released.

 

     (e) Provide that enrollment applications and claim forms

 

developed by the licensee shall contain a consumer's consent to the

 

release of data and information that is limited to the data and

 

information necessary for the proper review and payment of claims,

 

and shall reasonably notify consumers of their rights pursuant to

 

the licensee's policy and applicable law.

 

     Sec. 510. This chapter does not limit access to records or

 

enlarge or diminish the investigative and examination powers of

 


governmental agencies, as provided for by law.

 

     Sec. 515. (1) The initial, annual , and revised notices notice

 

shall include each of the following items of information, in

 

addition to any other information the licensee wishes to provide,

 

that apply to the licensee and to the consumers to whom the

 

licensee sends its privacy notice:

 

     (a) The categories of nonpublic personal financial information

 

that the licensee collects.

 

     (b) The categories of nonpublic personal financial information

 

that the licensee discloses.

 

     (c) The categories of affiliates and nonaffiliated third

 

parties to whom the licensee discloses nonpublic personal financial

 

information. , other than those parties to whom the licensee

 

discloses information under sections 537 and 539.

 

     (d) The categories of nonpublic personal financial information

 

about the licensee's former customers that the licensee discloses

 

and the categories of affiliates and nonaffiliated third parties to

 

whom the licensee discloses nonpublic personal financial

 

information about the licensee's former customers. , other than

 

those parties to whom the licensee discloses information under

 

sections 537 and 539.

 

     (e) If a licensee discloses nonpublic personal financial

 

information to a nonaffiliated third party under section 535 and no

 

other exception in section 537 or 539 applies to that disclosure, a

 

separate description of the categories of information the licensee

 

discloses and the categories of third parties with whom the

 

licensee has contracted.

 


     (f) An explanation of the consumer's right under section 529

 

to opt out of the disclosure of nonpublic personal financial

 

information to nonaffiliated third parties, including the method by

 

which the consumer may exercise that right at that time.

 

     (e) (g) Any disclosures that the licensee makes under section

 

603(d)(2)(A)(iii) of the fair credit reporting act, title VI of the

 

consumer credit protection act, Public Law 90-321, 15 U.S.C. USC

 

1681a.

 

     (f) (h) The licensee's policies and practices with respect to

 

protecting the confidentiality and security of nonpublic personal

 

financial information.

 

     (i) Any disclosure that the licensee makes under subsection

 

(2).

 

     (2) If a licensee discloses nonpublic personal financial

 

information as authorized under sections 537 and 539, the licensee

 

is not required to list those exceptions in the initial or annual

 

notices. When describing the categories of parties to whom

 

disclosure is made, the licensee is required to state only that it

 

makes disclosures to other affiliated or nonaffiliated third

 

parties, as applicable, as permitted by law.

 

     (2) (3) Instead of providing the information required under

 

subsection (1) and if a licensee does not disclose and does not

 

want to reserve the right to disclose nonpublic personal financial

 

information about customers or former customers to affiliates or

 

nonaffiliated third parties, except as authorized under sections

 

537 and 539, the licensee may state that fact as part of a

 

simplified notice so long as the licensee provides the information

 


required under subsections subsection (1)(a) , (h), and (i) and (2)

 

and (f).

 

     (4) The licensee's initial notice may include categories of

 

nonpublic personal financial information that the licensee reserves

 

the right to disclose in the future but does not currently

 

disclose, and categories of affiliates or nonaffiliated third

 

parties to whom the licensee reserves the right in the future to

 

disclose but to whom the licensee does not currently disclose,

 

nonpublic personal financial information.

 

     Sec. 527. (1) A licensee shall provide any notice required

 

under this chapter so that each consumer can reasonably be expected

 

to receive actual notice in writing or, if the consumer agrees,

 

electronically. A licensee may reasonably expect that a consumer

 

will receive actual notice if the licensee does any of the

 

following:

 

     (a) Hand delivers a printed copy of the notice to the

 

consumer.

 

     (b) Mails a printed copy of the notice to the last known

 

address of the consumer separately, or in a policy, billing, or

 

other written communication.

 

     (c) For a consumer who conducts transactions electronically,

 

posts the notice on the electronic site and requires the consumer

 

to acknowledge receipt of the notice as a necessary step to

 

obtaining a particular insurance product or service.

 

     (d) For an isolated transaction with a consumer, such as the

 

licensee providing an insurance quote or selling the consumer

 

travel insurance, posts the notice and requires the consumer to

 


acknowledge receipt of the notice as a necessary step to obtaining

 

the particular insurance product or service.

 

     (2) The following do not provide a reasonable expectation that

 

a consumer will receive actual notice of a licensee's privacy

 

policies and practices under subsection (1):

 

     (a) The licensee only posts a sign in its office or generally

 

publishes advertisements of its privacy policies and practices.

 

     (b) The licensee sends the notice via electronic mail to a

 

consumer who does not obtain an insurance product or service from

 

the licensee electronically.

 

     (3) A licensee may reasonably expect that a customer will

 

receive actual notice of the licensee's annual notice in either of

 

the following cases:

 

     (a) The customer uses the licensee's website to access

 

insurance products and services electronically and agrees to

 

receive notices at the website and the licensee posts its current

 

privacy notice continuously in a clear and conspicuous manner on

 

the website.

 

     (b) The customer has requested that the licensee refrain from

 

sending any information regarding the customer relationship, and

 

the licensee's current privacy notice remains available to the

 

customer upon request.

 

     (4) A licensee shall not provide any notice required by this

 

chapter solely by orally explaining the notice, either in person or

 

over the telephone.

 

     (5) For customers only, a licensee shall provide the initial

 

annual and revised notices so that the customer can retain them or

 


obtain them later in writing or, if the customer agrees,

 

electronically. A licensee provides an initial, annual , or revised

 

notice to the customer so that the customer can retain it or obtain

 

it later if the licensee does any of the following:

 

     (a) Hand delivers a printed copy of the notice to the

 

customer.

 

     (b) Mails a printed copy of the notice to the last known

 

address of the customer.

 

     (c) Makes the current initial, annual , or revised notice

 

available on a website or a link to another website for the

 

customer who obtains an insurance product or service electronically

 

and agrees to receive the notice at the website.

 

     (6) A licensee may provide a joint notice from the licensee

 

and 1 or more of its affiliates or other financial institutions, as

 

identified in the notice, if the notice is accurate with respect to

 

the licensee and the other institutions. A licensee may also

 

provide a notice on behalf of another financial institution, as

 

identified in the notice, if the notice is accurate with respect to

 

the licensee and the other institution.

 

     (7) If 2 or more consumers jointly obtain an insurance product

 

or service from a licensee, the licensee may satisfy the initial,

 

annual , and revised notice requirements by providing 1 notice to

 

those consumers jointly.

 

     Sec. 543. A licensee shall not unfairly discriminate against

 

any consumer because that consumer has opted out or intends to opt

 

out from not given prior and specific informed consent to the

 

disclosure of his or her nonpublic personal financial information

 


pursuant to the provisions of this chapter.

 

     Enacting section 1. Sections 505, 507, 509, 511, 517, 519,

 

521, 523, 525, 529, 531, 533, 535, 537, 539, 540, and 545 of the

 

insurance code of 1956, 1956 PA 218, MCL 500.505, 500.507, 500.509,

 

500.511, 500.517, 500.519, 500.521, 500.523, 500.525, 500.529,

 

500.531, 500.533, 500.535, 500.537, 500.539, 500.540, and 500.545,

 

are repealed.