Bill Text: MI HB5227 | 2015-2016 | 98th Legislature | Introduced
Bill Title: Financial institutions; credit unions; procedure for the disclosure of nonpublic financial information to unaffiliated third parties; revise. Amends 2003 PA 215 (MCL 490.101 - 490.601) by adding secs. 388, 389 & 390.
Spectrum: Slight Partisan Bill (Democrat 4-2)
Status: (Introduced - Dead) 2016-01-26 - Bill Electronically Reproduced 01/21/2016 [HB5227 Detail]
Download: Michigan-2015-HB5227-Introduced.html
HOUSE BILL No. 5227
January 21, 2016, Introduced by Reps. Moss, Lucido, Irwin, Runestad, Singh and Derek Miller and referred to the Committee on Financial Services.
A bill to amend 2003 PA 215, entitled
"Credit union act,"
(MCL 490.101 to 490.601) by adding sections 388, 389, and 390.
THE PEOPLE OF THE STATE OF MICHIGAN ENACT:
Sec. 388. (1) A domestic credit union shall use reasonable
care to secure an individual's nonpublic personal financial
information from unauthorized access.
(2) Unless the disclosure is required by law, a domestic
credit union shall not disclose an individual's nonpublic personal
financial information to a person without the prior and specific
informed consent, in writing, of the individual, and the individual
may withdraw his or her consent at any time.
(3) If an individual has consented to the disclosure of
nonpublic personal financial information to a person under
subsection (2), the domestic credit union shall disclose nonpublic
personal financial information only if the person to agrees to
protect and use the disclosed information only in the manner
authorized by the credit union under section 389. This subsection
does not apply to a disclosure made to the department of insurance
and financial services, the director of that department, another
governmental agency or entity, or a court.
(4) If an individual authorizes the release of nonpublic
personal financial information under subsection (2) to a specific
person, a domestic credit union shall disclose the information to
that person only if the person agrees not to release the
information to another person without another prior and specific
informed consent from the individual, in writing, authorizing the
additional release.
(5) This section does not preclude the release of information
pertaining to an individual to that individual by telephone if the
identity of the individual is verified.
(6) A domestic credit union shall not refuse to extend or
continue credit to, refuse to open or continue an account for, deny
membership to or terminate the membership of, refuse to provide any
benefits of membership to, or otherwise unfairly retaliate or
discriminate against an individual because that individual refuses
or fails to consent to disclosure of his or her nonpublic personal
financial information under subsection (2).
(7) As used in this section and section 389:
(a) "Nonpublic personal financial information" means
personally identifiable financial information and any list,
description, or other grouping of consumers and publicly available
information pertaining to them that is derived using any personally
identifiable financial information that is not publicly available.
Nonpublic personal financial information does not include any of
the following:
(i) Financial information otherwise protected by state or
federal law.
(ii) Publicly available information.
(iii) Any list, description, or other grouping of consumers
and publicly available information pertaining to them that is
derived without using any personally identifiable financial
information that is not publicly available.
(b) "Personally identifiable financial information" means any
of the following:
(i) Information a consumer provides to a domestic credit union
to obtain a financial product or service from the domestic credit
union.
(ii) Information about a consumer resulting from any
transaction involving a financial product or service between a
domestic credit union and a consumer.
(iii) Information a domestic credit union otherwise obtains
about a consumer in connection with providing a financial product
or service to that consumer.
(c) "Publicly available information" means any information
that a domestic credit union has a reasonable basis to believe is
lawfully made available to the general public from federal, state,
or local government records by wide distribution by the media or by
disclosures to the general public that are required to be made by
federal, state, or local law. A domestic credit union has a
reasonable basis to believe that information is lawfully made
available to the general public if both of the following apply:
(i) The domestic credit union has taken steps to determine
that the information is of the type that is available to the
general public.
(ii) If an individual can direct that the information not be
made available to the general public, that the domestic credit
union's consumer has not directed that the information not be made
available to the general public.
Sec. 389. A domestic credit union shall establish and make
public a policy regarding the protection of privacy and the
confidentiality of nonpublic personal financial information. The
policy shall do at least all of the following:
(a) Provide for the credit union's implementation of the
requirements of this act and other applicable laws respecting
collection, security, use, release of, and access to nonpublic
personal financial information.
(b) Identify the routine uses of nonpublic personal financial
information by the credit union; prescribe the means by which
individuals will be notified regarding those uses; and provide for
notification regarding the actual release of nonpublic personal
financial information that may be identified with, or that may
concern, an individual, upon specific request by that individual.
As used in this subdivision, "routine use" means the ordinary use
or release of nonpublic personal financial information compatible
with the purpose for which the information was collected.
(c) Assure that no person has access to nonpublic personal
financial information except on the basis of a need to know.
(d) Establish the contractual or other conditions under which
the credit union may release nonpublic personal financial
information.
(e) Provide that enrollment applications and claim forms
developed by the credit union shall contain an individual's consent
to the release of data and information that is limited to the data
and information necessary for the proper review and payment of
claims, and shall reasonably notify individuals of their rights
under the credit union's policy and applicable law.
Sec. 390. Sections 388 and 389 do not limit access to records
or enlarge or diminish the investigative and examination powers of
governmental agencies as provided for by law.
Enacting section 1. This amendatory act takes effect 90 days
after the date it is enacted into law.
