SECURITY BREACH DISCLOSURE FOR INSURERS
House Bill 5275 (reported from committee as H-2)
Sponsor: Rep. Tom Cochran
Committee: Insurance
Complete to 2-26-18
SUMMARY:
House Bill 5275 would amend Chapter 4 of the Insurance Code (Authorization of Insurer and General Requirements) to require an additional report to be sent to the director of the Department of Insurance and Financial Services (DIFS) if an insurer has a security breach.
Currently under the Code, an insurer must prepare and deposit an annual statement concerning its affairs in a form and manner as prescribed by the director of DIFS; the statement is due each March 1.
In addition to the annual statement, the bill would require that an insurer transacting business in Michigan that was required to provide notice of a security breach to a Michigan resident under Section 12 of the Identity Theft Prevention Act (MCL 445.72) must submit a report to the director that discloses the security breach. The report would be due on or before March 1 of the year following the security breach and submitted in a form prescribed by the director.
(Section 12 of the Identity Theft Prevention Act requires entities to notify affected Michigan residents when the security of a database containing personal information maintained by that entity is breached and creates a protocol for the notification.)
Under the bill, "security breach" would mean that term as defined in Section 3 of the Identity Theft Prevention Act: an unauthorized access and acquisition of data that compromises the security or confidentiality of personal information maintained by a person or agency as part of a database of personal information regarding multiple individuals. The term would not include unauthorized access to data by an employee or other individual if the employee or individual acted in good faith in accessing the data, the access was related to the activities of the person or agency, and the employee or individual did not misuse any personal information or disclose any personal information to an unauthorized person.
MCL 500.438
BRIEF DISCUSSION:
According to supporters, the bill is intended to provide an additional layer of oversight for insurers in an area that has increasingly become a concern: data hacking and breaches of personal information. While Michigan law already requires notification of a security breach to affected residents, there is no requirement for insurers to notify the state in the event of a breach. The bill will increase transparency surrounding security breaches and allow DIFS to communicate directly with insurers on this issue.
FISCAL IMPACT:
House Bill 5275 would not have a fiscal impact on the Department of Insurance and Financial Services or on other units of state or local government.
POSITIONS:
A representative of the Department of Insurance and Financial Services indicated a neutral position regarding the bill. (2-15-18)
Legislative Analyst: Patrick Morris
Fiscal Analyst: Marcus Coffin
■ This analysis was prepared by nonpartisan House Fiscal Agency staff for use by House members in their deliberations, and does not constitute an official statement of legislative intent.