The Michigan House of Representatives today voted overwhelmingly to advance a plan sponsored by state Rep. Diana Farrington, of Utica, requiring companies that store personal identity information to disclose when their data has been compromised in a timely fashion.
There is no specific notification timeframe within current state law when a data breach occurs and financial, health, government or bank records have been accessed. There is also no requirement to notify the state when a wide-scale breach happens. Ultimately, this leads to consumers being the last to know that their information has been compromised.
“This proposal puts Michigan consumers first when there are instances of compromised data,” said Farrington, who chairs the House Financial Services Committee. “Consumer protections are always important – and now many people across Michigan and in Macomb County have been put in dire financial straits through no fault of their own due to COVID-19. They don’t need the additional stress that is brought on when your personal information is potentially in someone else’s hands.
“It’s simply good customer service to notify people of a data breach when they could be impacted by that breach. That’s what this plan works towards – entities that do business in Michigan providing good customer service to Michigan residents.”
House Bills 4186-87 create the Data Breach Notification Act. The plan clearly defines what personal identity information is covered, who is responsible for reporting a breach and the acceptable time in which to do so.
The total number of breaches nationally was up 33 percent last year from the previous annual amount, according to research, with medical services, retailers and public entities most affected. Cyber risk analytics firm Risk Based Security estimated there were nearly 5,200 data breaches in the United States last year, exposing a total of almost 8 billion records. Some of the country’s largest companies were hit, including Marriott – which saw a record-setting breach exposed passport numbers and credit card information for up to 383 million guests; Facebook – which had 540 million names and passwords exposed, and Capital One – left reeling after a breach surrendered 100 million credit card applications, 140,000 social security numbers and 80,000 bank account numbers.
Alabama, Arizona and Florida have all unanimously passed nearly identical data breach laws outlining specific timeframes for notification. Each state did so with the support of the business communities in their respective states.
Farrington has been working to protect consumers during the majority of her tenure in the Michigan House, having introduced similar proposals during the 2017-18 legislative term. HBs 4186-87 now move to the Senate for further consideration.
State Rep. Diana Farrington, chair of the House Financial Services Committee, today celebrated Michigan students who will learn critical knowledge and skills in a personal finance course that will be required across the state under her plan that was signed into law this afternoon.
With overwhelming bipartisan support, the Michigan House of Representatives today approved state Rep. Diana Farrington’s plan to teach Michigan students how to manage their personal finances.