Michigan Laws 445.72a – Destruction of data containing personal information required; violation as misdemeanor; fine; compliance; “destroy” defined
Current as of: 2023 | Check for updates
|
Other versions
Terms Used In Michigan Laws 445.72a
- Agency: means a department, board, commission, office, agency, authority, or other unit of state government of this state. See Michigan Laws 445.63
- Data: means computerized personal information. See Michigan Laws 445.63
- Person: means an individual, partnership, corporation, limited liability company, association, or other legal entity. See Michigan Laws 445.63
- Personal identifying information: means a name, number, or other information that is used for the purpose of identifying a specific person or providing access to a person's financial accounts, including, but not limited to, a person's name, address, telephone number, driver license or state personal identification card number, social security number, place of employment, employee identification number, employer or taxpayer identification number, government passport number, health insurance identification number, mother's maiden name, demand deposit account number, savings account number, financial transaction device account number or the person's account password, any other account password in combination with sufficient information to identify and access the account, automated or electronic signature, biometrics, stock or other security certificate or account number, credit card number, vital record, or medical records or information. See Michigan Laws 445.63
- Personal information: means the first name or first initial and last name linked to 1 or more of the following data elements of a resident of this state:
(i) Social security number. See Michigan Laws 445.63state: when applied to the different parts of the United States, shall be construed to extend to and include the District of Columbia and the several territories belonging to the United States; and the words "United States" shall be construed to include the district and territories. See Michigan Laws 8.3o
(1) Subject to subsection (3), a person or agency that maintains a database that includes personal information regarding multiple individuals shall destroy any data that contain personal information concerning an individual when that data is removed from the database and the person or agency is not retaining the data elsewhere for another purpose not prohibited by state or federal law. This subsection does not prohibit a person or agency from retaining data that contain personal information for purposes of an investigation, audit, or internal review.
(2) A person who knowingly violates this section is guilty of a misdemeanor punishable by a fine of not more than $250.00 for each violation. This subsection does not affect the availability of any civil remedy for a violation of state or federal law.
(3) A person or agency is considered to be in compliance with this section if the person or agency is subject to federal law concerning the disposal of records containing personal identifying information and the person or agency is in compliance with that federal law.
(4) As used in this section, “destroy” means to destroy or arrange for the destruction of data by shredding, erasing, or otherwise modifying the data so that they cannot be read, deciphered, or reconstructed through generally available means.