MCL - Index of 218-1956-5A
NOTE: Dates reflect any modification to item, not necessarily a change in law.
| Title | Subject |
|---|---|
| 218-1956-5A | CHAPTER 5A DATA SECURITY (500.550...500.565) |
| Section 500.550 | Private cause of action not created; exclusive standards. |
| Section 500.553 | Definitions. |
| Section 500.555 | Comprehensive written information security program; requirements; duties of licensee and board of directors; third-party service provider; incident response plan; certification of compliance. |
| Section 500.557 | Occurrence of cybersecurity event; investigation; maintenance of records. |
| Section 500.559 | Notification of cybersecurity event involving nonpublic information; duty to update and supplement notifications to director; contents; application to third-party service provider; duties of ceding insurers with direct contractual relationship. |
| Section 500.561 | Notice of cybersecurity event to residents of this state; conditions and requirements; duties of licensee; substitute notice; notification to certain consumer reporting agencies; exception; compliance with health insurance portability and accountability act considered compliance with section; notice with intent to defraud; misdemeanor; penalty; failure to provide notice; civil fine; aggregate liability; applicability of section; definitions. |
| Section 500.563 | Confidentiality; use of documents, materials, or other information; duties of director. |
| Section 500.565 | Exemption for certain licensees; timeline for implementation and compliance. |