Bill Text: MI HB5948 | 2015-2016 | 98th Legislature | Introduced
Bill Title: State agencies (existing); generally; database security breach policy for state agencies; provide for. Amends sec. 287 of 1984 PA 431 (MCL 18.1287).
Spectrum: Strong Partisan Bill (Democrat 10-1)
Status: (Introduced - Dead) 2016-11-09 - Bill Electronically Reproduced 10/19/2016 [HB5948 Detail]
Download: Michigan-2015-HB5948-Introduced.html
HOUSE BILL No. 5948
October 19, 2016, Introduced by Reps. Chirkun, Robinson, Liberati, Lucido, Lane, LaVoy, Wittenberg, Gay-Dagnogo, Faris, Dianda and Talabi and referred to the Committee on Government Operations.
A bill to amend 1984 PA 431, entitled
"The management and budget act,"
by amending section 287 (MCL 18.1287), as amended by 2001 PA 71.
THE PEOPLE OF THE STATE OF MICHIGAN ENACT:
Sec. 287. (1) The department shall maintain a records
management program to provide for the development, implementation,
and coordination of standards, procedures, and techniques for forms
management, and for the creation, retention, maintenance,
preservation, and disposition of the records of this state. All
records of this state are and shall remain the property of this
state and shall be preserved, stored, transferred, destroyed,
disposed of, and otherwise managed pursuant to this act and other
applicable provisions of law.
(2) In managing the records of this state, the department
shall do all of the following:
(a) Establish, implement, and maintain standards, procedures,
and techniques of records management throughout state agencies.
(b) Provide education, training, and information programs to
state agencies regarding each phase of records management.
(c) Promote the establishment of a vital records program in
each state agency by assisting in identifying and preserving
records considered to be critically essential to the continued
operation of state government or necessary to the protection of the
rights and privileges of its citizens, or both. Preservation of
designated vital records shall be accomplished by storing duplicate
copies of the original records in a secure remote records center to
assure retention of those records in the event of disaster and loss
of original records.
(d) Operate a records center or centers for the purpose of
providing maintenance, security, and preservation of state records.
(e) Provide centralized microfilming service and, after the
effective
date of rules promulgated under the records media
reproduction
act, 1992 PA 116, MCL 24.401 to 24.403,
24.406, to
govern optical storage, service for off-site storage of optical
discs as an integral part of the records management program.
(f) Provide safeguards against unauthorized or unlawful
disposal, removal, or loss of state records.
(g) Initiate action to recover a state record that may have
been removed unlawfully or without authorization.
(h) Establish retention and disposal schedules for the
official records of each state agency with consideration to their
administrative, fiscal, legal, and archival value.
(3) The department shall issue directives that provide for all
of the following:
(a) The security of records maintained by state agencies.
(b) The establishment of retention and disposal schedules for
all records in view of their administrative, fiscal, legal, and
archival value.
(c) The submission of proposed retention and disposal
schedules to the department of history, arts, and libraries, the
auditor general, the attorney general, and the board for review and
approval.
(d) The transfer of records from a custodian state agency to a
state records center or to the custody of the department of
history, arts, and libraries.
(e) The disposal of records pursuant to retention and disposal
schedules, or the transfer of records to the custody of the
department of history, arts, and libraries.
(f) The establishment of a records management liaison officer
in each department to assist in maintaining a records management
program.
(g) The cooperation of other state departments in complying
with this act.
(h) The storage of records in orderly filing systems designed
to make records conveniently accessible for use.
(4) The director of the department shall issue directives to
all state agencies to have a database security breach policy in
effect not later than October 1, 2016. As part of the database
security breach policy, the department shall ensure all the
following if the department determines that a database security
breach has occurred in a database operated or maintained by a state
agency:
(a) Assist state residents in obtaining and preparing the
appropriate documentation to restore their credit due to that
database security breach.
(b) Subject to available funds, pay all necessary expenses in
restoring the credit of a state resident due to that database
security breach.
(c) Within 72 hours of a state agency discovering a data
security breach, provide notice to each house of representatives
member and each senate member, who represents the person who
suffered the data security breach.