HOUSE BILL No. 5228

January 21, 2016, Introduced by Reps. Lucido, Moss, Irwin, Runestad, Singh and Derek Miller and referred to the Committee on Financial Services.

     A bill to amend 1996 PA 354, entitled

"Savings bank act,"

(MCL 487.3101 to 487.3804) by adding sections 515, 516, and 517.

THE PEOPLE OF THE STATE OF MICHIGAN ENACT:

     Sec. 515. (1) A savings bank shall use reasonable care to

secure an individual's nonpublic personal financial information

from unauthorized access.

     (2) Unless the disclosure is required by law, a savings bank

shall not disclose an individual's nonpublic personal financial

information to a person without the prior and specific informed

consent, in writing, of the individual, and the individual may

withdraw his or her consent at any time.

     (3) If an individual has consented to the disclosure of

nonpublic personal financial information to a person under

subsection (2), the savings bank shall disclose nonpublic personal

financial information only if the person agrees to protect and use

the disclosed information only in the manner authorized by the

savings bank under section 516. This subsection does not apply to a

disclosure made to the department of insurance and financial

services, the director of that department, another governmental

agency or entity, or a court.

     (4) If an individual authorizes the release of nonpublic

personal financial information under subsection (2) to a specific

person, a savings bank shall disclose the information to that

person only if the person agrees not to release the information to

another person without another prior and specific informed consent

from the individual, in writing, authorizing the additional

release.

     (5) This section does not preclude the release of information

pertaining to an individual to that individual by telephone if the

identity of the individual is verified.

     (6) A savings bank shall not refuse to extend or continue

credit to, refuse to open or continue an account for, terminate or

refuse to create a membership or depositor relationship with,

refuse to provide any benefits to which members or depositors are

entitled, or otherwise unfairly retaliate or discriminate against

an individual because that individual refuses or fails to consent

to disclosure of his or her nonpublic personal financial

information under subsection (2).

     (7) As used in this section and section 516:

     (a) "Nonpublic personal financial information" means

personally identifiable financial information and any list,

description, or other grouping of consumers and publicly available

information pertaining to them that is derived using any personally

identifiable financial information that is not publicly available.

Nonpublic personal financial information does not include any of

the following:

     (i) Financial information otherwise protected by state or

federal law.

     (ii) Publicly available information.

     (iii) Any list, description, or other grouping of consumers

and publicly available information pertaining to them that is

derived without using any personally identifiable financial

information that is not publicly available.

     (b) "Personally identifiable financial information" means any

of the following:

     (i) Information a consumer provides to a savings bank to

obtain a financial product or service from the savings bank.

     (ii) Information about a consumer resulting from any

transaction involving a financial product or service between a

savings bank and a consumer.

     (iii) Information a savings bank otherwise obtains about a

consumer in connection with providing a financial product or

service to that consumer.

     (c) "Publicly available information" means any information

that a savings bank has a reasonable basis to believe is lawfully

made available to the general public from federal, state, or local

government records by wide distribution by the media or by

disclosures to the general public that are required to be made by

federal, state, or local law. A savings bank has a reasonable basis

to believe that information is lawfully made available to the

general public if both of the following apply:

     (i) The savings bank has taken steps to determine that the

information is of the type that is available to the general public.

     (ii) If an individual can direct that the information not be

made available to the general public, that the savings bank's

consumer has not directed that the information not be made

available to the general public.

     Sec. 516. A savings bank shall establish and make public a

policy regarding the protection of privacy and the confidentiality

of nonpublic personal financial information. The policy shall do at

least all of the following:

     (a) Provide for the savings bank's implementation of the

requirements of this act and other applicable laws respecting

collection, security, use, release of, and access to nonpublic

personal financial information.

     (b) Identify the routine uses of nonpublic personal financial

information by the savings bank; prescribe the means by which

individuals will be notified regarding those uses; and provide for

notification regarding the actual release of nonpublic personal

financial information that may be identified with, or that may

concern, an individual, upon specific request by that individual.

As used in this subdivision, "routine use" means the ordinary use

or release of nonpublic personal financial information compatible

with the purpose for which the information was collected.

     (c) Assure that no person has access to nonpublic personal

financial information except on the basis of a need to know.

     (d) Establish the contractual or other conditions under which

the savings bank may release nonpublic personal financial

information.

     (e) Provide that enrollment applications and claim forms

developed by the savings bank shall contain an individual's consent

to the release of data and information that is limited to the data

and information necessary for the proper review and payment of

claims, and shall reasonably notify individuals of their rights

under the savings bank's policy and applicable law.

     Sec. 517. Sections 515 and 516 do not limit access to records

or enlarge or diminish the investigative and examination powers of

governmental agencies as provided for by law.

     Enacting section 1. This amendatory act takes effect 90 days

after the date it is enacted into law.