SB0672: SUMMARY OF BILL ON THIRD READING (Date Completed: 3-9-22)

TORT; CYBERSECURITY PROGRAM REQ. S.B. 672 (S-2):

SUMMARY OF BILL

ON THIRD READING

Senate Bill 672 (Substitute S-2 as reported by the Committee of the Whole)

Sponsor: Senator Wayne A. Schmidt

Committee: Energy and Technology

CONTENT

The bill would amend the Identity Theft Protection Act to do the following:

-- Specify that a covered entity would be entitled to an affirmative defense to any tort cause of action that alleged that the covered entity's failure to implement reasonable information security controls resulted in a security breach if the covered entity demonstrated that its cybersecurity program met requirements prescribed by the bill, as applicable.

-- Specify that the bill would not provide a private right of action, including a class action, with respect to any act or practice under the bill.

-- Specify that if there were a choice of law provision in an agreement that designated the State as the governing law, the bill would have to be applied, if applicable, to the fullest extent possible in a civil action brought against a person regardless of whether the civil action was brought in the State or another state.

Proposed MCL 445.72c Legislative Analyst: Tyler VanHuyse

FISCAL IMPACT

The bill likely would have no fiscal impact on State or local government. The bill would not generate or spend State or local funds, and it would be more likely than not to discourage the filing of civil complaints for negligence against covered entities.

Date Completed: 3-9-22 Fiscal Analyst: Michael Siracuse

This analysis was prepared by nonpartisan Senate staff for use by the Senate in its deliberations and does not constitute an official statement of legislative intent.