HB-5635, As Passed House, December 16, 2009
December 1, 2009, Introduced by Reps. Lisa Brown, Liss, Haugh, Gregory, Slavens, Segal, Switalski, Geiss, Constan, Huckleberry, Tlaib, Robert Jones, Durhal, Cushingberry, Womack, Lemmons, Young, Nathan, Stanley, Roberts, Gonzales, Leland and Lipton and referred to the Committee on Insurance.
A bill to amend 1956 PA 218, entitled
"The insurance code of 1956,"
by amending sections 503, 515, 527, and 543 (MCL 500.503, 500.515,
500.527, and 500.543), as added by 2001 PA 24, and by adding
sections 504, 506, and 510; and to repeal acts and parts of acts.
THE PEOPLE OF THE STATE OF MICHIGAN ENACT:
Sec. 503. As used in this chapter:
(a) "Affiliate" means any company that controls, is controlled
by, or is under common control with another company.
(b)
"Annual notice" means the privacy notice required in
section
513.
(c)
"Clear and conspicuous" means that a notice is reasonably
understandable
and designed to call attention to the nature and
significance
of the information in the notice.
(d)
"Collect" means to obtain information that the licensee
organizes
or can retrieve by the name of an individual or by
identifying
number, symbol, or other identifying particular
assigned
to the individual, irrespective of the source of the
underlying
information.
(e)
"Company" means any corporation, limited liability
company,
business trust, general or limited partnership,
association,
sole proprietorship, or similar organization.
(b) (f)
"Consumer" means an
individual, or the individual's
legal representative, who seeks to obtain, obtains, or has obtained
an insurance product or service from a licensee that is to be used
primarily for personal, family, or household purposes. As used in
this chapter:
(i) "Consumer" includes, but is not limited to, all of the
following:
(A) An individual who provides nonpublic personal information
to a licensee in connection with obtaining or seeking to obtain
financial, investment, or economic advisory services relating to an
insurance product or service. An individual is a consumer under
this subparagraph regardless of whether the licensee establishes an
ongoing advisory relationship.
(B) An applicant for insurance prior to the inception of
insurance coverage.
(C) An individual that a licensee discloses nonpublic,
personal financial information about to a nonaffiliated third
party, other
than as permitted under sections 535, 537, and 539, if
the individual is any of the following:
(I) A beneficiary of a life insurance policy underwritten by
the licensee.
(II) A claimant under an insurance policy issued by the
licensee.
(III) An insured under an insurance policy or an annuitant
under an annuity issued by the licensee.
(IV) A mortgagor of a mortgage covered under a mortgage
insurance policy.
(ii) So long as the licensee provides the initial, annual ,
and
revised
notices under this chapter to the
plan sponsor, group or
blanket insurance policyholders, and group annuity contract holder
and does not disclose to a nonaffiliated third party nonpublic
personal
financial information, other than as permitted under
sections
535, 537, and 539, "consumer"
does not include an
individual solely because he or she meets 1 of the following:
(A) Is a participant or a beneficiary of an employee benefit
plan that the licensee administers or sponsors or for which the
licensee acts as a trustee, insurer, or fiduciary.
(B) Is covered under a group or blanket insurance policy or
group annuity contract issued by the licensee.
(iii) "Consumer" does not include an individual solely because
he or she meets 1 of the following:
(A) Is a beneficiary of a trust for which the licensee is a
trustee.
(B) Has designated the licensee as trustee for a trust.
(g)
"Consumer reporting agency" has the same meaning as in
section
603(f) of the federal fair credit reporting act, title VI
of
the consumer credit act, public law 90-321, 15 U.S.C. 1681a.
(c) (h)
"Customer" means a
consumer who has a customer
relationship with a licensee. However, customer does not include an
individual solely because he or she meets 1 of the following:
(i) Is a participant or a beneficiary of an employee benefit
plan that the licensee administers or sponsors or for which the
licensee acts as a trustee, insurer, or fiduciary.
(ii) Is covered under a group or blanket insurance policy or
group annuity contract issued by the licensee.
(iii) Is a beneficiary or claimant under a policy of insurance.
(i)
"Customer relationship" means a continuing relationship
between
a consumer and a licensee under which the licensee provides
1
or more insurance products or services to the consumer that are
to
be used primarily for personal, family, or household purposes.
(j)
"Initial notice" means the privacy notice required in
section
507.
(k)
"Insurance product or service" means any product or
service
that is offered by a licensee pursuant to the insurance
laws
of this state or pursuant to a federal insurance program.
Insurance
service includes a licensee's evaluation, brokerage, or
distribution
of information that the licensee collects in
connection
with a request or an application from a consumer for an
insurance
product or service.
(d) (l) "Licensee"
means a licensed insurer or producer, and
other persons licensed or required to be licensed, authorized or
required to be authorized, registered or required to be registered,
or holding or required to hold a certificate of authority under
this act. Licensee includes, except as otherwise provided, a
nonprofit health care corporation operating pursuant to the
nonprofit health care corporation reform act, 1980 PA 350, MCL
550.1101 to 550.1704, and a nonprofit dental care corporation
operating pursuant to 1963 PA 125, MCL 550.351 to 550.373. Licensee
includes an unauthorized insurer who places business through a
licensed surplus line agent or broker in this state, but only for
the surplus line placements placed under chapter 19. Licensee does
not include any of the following:
(i) A nonprofit health care corporation for member personal
data and information otherwise protected under section 406 of the
nonprofit health care corporation reform act, 1980 PA 350, MCL
550.1406.
(ii) The Michigan life and health guaranty association and the
property and casualty guaranty association.
(iii) The Michigan automobile insurance placement facility, the
Michigan worker's compensation placement facility, and the assigned
claims facility created under section 3171. However, servicing
carriers for these facilities are licensees.
(e) (m)
"Nonaffiliated third
party" means any person except a
licensee's affiliate or a person employed jointly by a licensee and
any company that is not the licensee's affiliate. Nonaffiliated
third party includes the other company that jointly employs a
person with a licensee. Nonaffiliated third party also includes any
company that is an affiliate solely by virtue of the direct or
indirect ownership or control of the company by the licensee or its
affiliate in conducting merchant banking or investment banking
activities
of the type described in section 4(k)(4)(H) of the bank
holding
company act of 1956, chapter 240, 70 Stat. 135, 12 U.S.C.
1843
12 USC 1843(k)(4)(H), or insurance company investment
activities
of the type described in section 4(k)(4)(I) of the bank
holding
company act of 1956, chapter 240, 70 Stat. 135, 12 U.S.C.
1843
12 USC 1843(k)(4)(I).
(f) (n)
"Nonpublic personal financial information" means age,
sex, race, occupation, level of education, address, type of car
driven, average number of miles driven annually, and personally
identifiable financial information and any list, description, or
other grouping of consumers and publicly available information
pertaining to them that is derived using any personally
identifiable financial information that is not publicly available.
Nonpublic personal financial information does not include any of
the following:
(i) Health and medical information otherwise protected by state
or federal law.
(ii) Publicly available information.
(iii) Any list, description, or other grouping of consumers and
publicly available information pertaining to them that is derived
without using any personally identifiable financial information
that is not publicly available.
(o)
"Opt out" means a direction by the consumer that the
licensee
not disclose nonpublic personal financial information
about
that consumer to a nonaffiliated third party, other than as
permitted
by sections 535, 537, and 539.
(g) (p)
"Personally identifiable financial information" means
any of the following:
(i) Information a consumer provides to a licensee to obtain an
insurance product or service from the licensee.
(ii) Information about a consumer resulting from any
transaction involving an insurance product or service between a
licensee and a consumer.
(iii) Information the licensee otherwise obtains about a
consumer in connection with providing an insurance product or
service to that consumer.
(h) (q)
"Producer" means a person required to be licensed
under this act to sell, solicit, or negotiate insurance.
(i) (r)
"Publicly available information" means any information
that a licensee has a reasonable basis to believe is lawfully made
available to the general public from federal, state, or local
government records by wide distribution by the media or by
disclosures to the general public that are required to be made by
federal, state, or local law. Publicly available information does
not include the information listed as nonpublic personal financial
information. A licensee has a reasonable basis to believe that
information is lawfully made available to the general public if
both of the following apply:
(i) The licensee has taken steps to determine that the
information is of the type that is available to the general public.
(ii) If an individual can direct that the information not be
made available to the general public, that the licensee's consumer
has not directed that the information not be made available to the
general public.
(s)
"Revised notice" means the privacy notice required in
section
525.
Sec. 504. (1) A licensee shall use reasonable care to secure
nonpublic personal financial information from unauthorized access.
Except as is necessary or when required by law, a licensee shall
not disclose nonpublic personal financial information to a person
without the prior and specific informed consent of the consumer to
whom the nonpublic personal financial information pertains. The
consumer's consent shall be in writing. Except when a disclosure is
made to the commissioner or another governmental agency, a court,
or any other governmental entity, a licensee shall make a
disclosure for which prior and specific informed consent is not
required upon the condition that the person to whom the disclosure
is made protect and use the disclosed information only in the
manner authorized by the licensee, pursuant to section 506. If a
consumer has authorized the release of nonpublic personal financial
information to a specific person, a licensee shall make a
disclosure to that person upon the condition that the person shall
not release the data to a third person unless the consumer executes
in writing another prior and specific informed consent authorizing
the additional release.
(2) This section does not preclude the release of information
to an individual, pertaining to that individual, by telephone, if
the identity of the individual is verified.
Sec. 506. The licensee shall establish and make public the
policy of the licensee regarding the protection of privacy and the
confidentiality of nonpublic personal financial information. The
policy, at a minimum, shall do all of the following:
(a) Provide for the licensee's implementation of provisions in
this chapter and other applicable laws and guidelines respecting
collection, security, use, release of, and access to nonpublic
personal financial information.
(b) Identify the routine uses of nonpublic personal financial
information by the licensee; prescribe the means by which consumers
will be notified regarding those uses; and provide for notification
regarding the actual release of nonpublic personal financial
information that may be identified with, or that may concern, a
consumer, upon specific request by that consumer. As used in this
subdivision, "routine use" means the ordinary use or release of
nonpublic personal financial information compatible with the
purpose for which the information was collected.
(c) Assure that no person shall have access to nonpublic
personal financial information except as required by law.
(d) Establish the contractual or other conditions under which
nonpublic personal financial information will be released.
(e) Provide that enrollment applications and claim forms
developed by the licensee shall contain a consumer's consent to the
release of data and information that is limited to the data and
information necessary for the proper review and payment of claims,
and shall reasonably notify consumers of their rights pursuant to
the licensee's policy and applicable law.
Sec. 510. This chapter does not limit access to records or
enlarge or diminish the investigative and examination powers of
governmental agencies, as provided for by law.
Sec.
515. (1) The initial, annual
, and revised notices notice
shall include each of the following items of information, in
addition to any other information the licensee wishes to provide,
that apply to the licensee and to the consumers to whom the
licensee sends its privacy notice:
(a) The categories of nonpublic personal financial information
that the licensee collects.
(b) The categories of nonpublic personal financial information
that the licensee discloses.
(c) The categories of affiliates and nonaffiliated third
parties to whom the licensee discloses nonpublic personal financial
information. ,
other than those parties to whom the licensee
discloses
information under sections 537 and 539.
(d) The categories of nonpublic personal financial information
about the licensee's former customers that the licensee discloses
and the categories of affiliates and nonaffiliated third parties to
whom the licensee discloses nonpublic personal financial
information
about the licensee's former customers.
, other than
those
parties to whom the licensee discloses information under
sections
537 and 539.
(e)
If a licensee discloses nonpublic personal financial
information
to a nonaffiliated third party under section 535 and no
other
exception in section 537 or 539 applies to that disclosure, a
separate
description of the categories of information the licensee
discloses
and the categories of third parties with whom the
licensee
has contracted.
(f)
An explanation of the consumer's right under section 529
to
opt out of the disclosure of nonpublic personal financial
information
to nonaffiliated third parties, including the method by
which
the consumer may exercise that right at that time.
(e) (g)
Any disclosures that the licensee
makes under section
603(d)(2)(A)(iii) of the fair credit reporting act, title VI of the
consumer
credit protection act, Public Law 90-321, 15 U.S.C. USC
1681a.
(f) (h)
The licensee's policies and
practices with respect to
protecting the confidentiality and security of nonpublic personal
financial information.
(i)
Any disclosure that the licensee makes under subsection
(2).
(2)
If a licensee discloses nonpublic personal financial
information
as authorized under sections 537 and 539, the licensee
is
not required to list those exceptions in the initial or annual
notices.
When describing the categories of parties to whom
disclosure
is made, the licensee is required to state only that it
makes
disclosures to other affiliated or nonaffiliated third
parties,
as applicable, as permitted by law.
(2) (3)
Instead of providing the
information required under
subsection (1) and if a licensee does not disclose and does not
want to reserve the right to disclose nonpublic personal financial
information about customers or former customers to affiliates or
nonaffiliated
third parties, except as authorized under sections
537
and 539, the licensee may state
that fact as part of a
simplified notice so long as the licensee provides the information
required
under subsections subsection
(1)(a) , (h), and (i) and (2)
and (f).
(4)
The licensee's initial notice may include categories of
nonpublic
personal financial information that the licensee reserves
the
right to disclose in the future but does not currently
disclose,
and categories of affiliates or nonaffiliated third
parties
to whom the licensee reserves the right in the future to
disclose
but to whom the licensee does not currently disclose,
nonpublic
personal financial information.
Sec. 527. (1) A licensee shall provide any notice required
under this chapter so that each consumer can reasonably be expected
to receive actual notice in writing or, if the consumer agrees,
electronically. A licensee may reasonably expect that a consumer
will receive actual notice if the licensee does any of the
following:
(a) Hand delivers a printed copy of the notice to the
consumer.
(b) Mails a printed copy of the notice to the last known
address of the consumer separately, or in a policy, billing, or
other written communication.
(c) For a consumer who conducts transactions electronically,
posts the notice on the electronic site and requires the consumer
to acknowledge receipt of the notice as a necessary step to
obtaining a particular insurance product or service.
(d) For an isolated transaction with a consumer, such as the
licensee providing an insurance quote or selling the consumer
travel insurance, posts the notice and requires the consumer to
acknowledge receipt of the notice as a necessary step to obtaining
the particular insurance product or service.
(2) The following do not provide a reasonable expectation that
a consumer will receive actual notice of a licensee's privacy
policies and practices under subsection (1):
(a) The licensee only posts a sign in its office or generally
publishes advertisements of its privacy policies and practices.
(b) The licensee sends the notice via electronic mail to a
consumer who does not obtain an insurance product or service from
the licensee electronically.
(3) A licensee may reasonably expect that a customer will
receive actual notice of the licensee's annual notice in either of
the following cases:
(a) The customer uses the licensee's website to access
insurance products and services electronically and agrees to
receive notices at the website and the licensee posts its current
privacy notice continuously in a clear and conspicuous manner on
the website.
(b) The customer has requested that the licensee refrain from
sending any information regarding the customer relationship, and
the licensee's current privacy notice remains available to the
customer upon request.
(4) A licensee shall not provide any notice required by this
chapter solely by orally explaining the notice, either in person or
over the telephone.
(5)
For customers only, a licensee shall provide the initial
annual
and revised notices so that the customer can retain them or
obtain them later in writing or, if the customer agrees,
electronically.
A licensee provides an initial, annual , or revised
notice to the customer so that the customer can retain it or obtain
it later if the licensee does any of the following:
(a) Hand delivers a printed copy of the notice to the
customer.
(b) Mails a printed copy of the notice to the last known
address of the customer.
(c)
Makes the current initial, annual , or revised notice
available on a website or a link to another website for the
customer who obtains an insurance product or service electronically
and agrees to receive the notice at the website.
(6) A licensee may provide a joint notice from the licensee
and 1 or more of its affiliates or other financial institutions, as
identified in the notice, if the notice is accurate with respect to
the licensee and the other institutions. A licensee may also
provide a notice on behalf of another financial institution, as
identified in the notice, if the notice is accurate with respect to
the licensee and the other institution.
(7) If 2 or more consumers jointly obtain an insurance product
or
service from a licensee, the licensee may satisfy the initial,
annual ,
and revised notice requirements by
providing 1 notice to
those consumers jointly.
Sec. 543. A licensee shall not unfairly discriminate against
any
consumer because that consumer has opted out or intends to opt
out
from not given prior and
specific informed consent to the
disclosure of his or her nonpublic personal financial information
pursuant to the provisions of this chapter.
Enacting section 1. Sections 505, 507, 509, 511, 517, 519,
521, 523, 525, 529, 531, 533, 535, 537, 539, 540, and 545 of the
insurance code of 1956, 1956 PA 218, MCL 500.505, 500.507, 500.509,
500.511, 500.517, 500.519, 500.521, 500.523, 500.525, 500.529,
500.531, 500.533, 500.535, 500.537, 500.539, 500.540, and 500.545,
are repealed.