Bill Text: MI HB5412 | 2009-2010 | 95th Legislature | Introduced
Bill Title: Financial institutions; credit unions; procedure for the disclosure of nonpublic financial information to unaffiliated third parties; revise. Amends 2003 PA 215 (MCL 490.101 - 490.601) by adding secs. 388, 389 & 390.
Spectrum: Partisan Bill (Democrat 10-0)
Status: (Introduced - Dead) 2009-09-22 - Printed Bill Filed 09/18/2009 [HB5412 Detail]
Download: Michigan-2009-HB5412-Introduced.html
HOUSE BILL No. 5412
September 17, 2009, Introduced by Reps. Geiss, Switalski, Tlaib, Durhal, Roberts, Robert Jones, Liss, Kennedy, Nathan and Jackson and referred to the Committee on Banking and Financial Services.
A bill to amend 2003 PA 215, entitled
"Credit union act,"
(MCL 490.101 to 490.601) by adding sections 388, 389, and 390.
THE PEOPLE OF THE STATE OF MICHIGAN ENACT:
Sec. 388. (1) A domestic credit union shall use reasonable
care to secure nonpublic personal financial information from
unauthorized access.
(2) A domestic credit union shall not disclose nonpublic
personal financial information to a person without the prior and
specific informed consent, in writing, of the individual to whom
the nonpublic personal financial information pertains. This
subsection does not apply if the disclosure is required by law.
(3) A domestic credit union shall disclose nonpublic personal
financial information to which subsection (2) does not apply only
if the person to whom the disclosure is made agrees to protect and
use the disclosed information only in the manner authorized by the
credit union under section 389. This subsection does not apply to a
disclosure made to the commissioner, another governmental agency or
entity, or a court.
(4) If an individual authorizes the release of nonpublic
personal financial information under subsection (2) to a specific
person, a domestic credit union shall disclose the information to
that person only if the person agrees not to release the
information to another person without another prior and specific
informed consent from the individual, in writing, authorizing the
additional release.
(5) This section does not preclude the release of information
pertaining to an individual to that individual by telephone if the
identity of the individual is verified.
(6) A domestic credit union shall not refuse to extend or
continue credit to, refuse to open or continue an account for, deny
membership to or terminate the membership of, refuse to provide any
benefits of membership to, or otherwise unfairly retaliate or
discriminate against an individual because that individual refuses
or fails to consent to disclosure of his or her nonpublic personal
financial information under subsection (2).
(7) As used in this section and section 389:
(a) "Nonpublic personal financial information" means
personally identifiable financial information and any list,
description, or other grouping of consumers and publicly available
information pertaining to them that is derived using any personally
identifiable financial information that is not publicly available.
Nonpublic personal financial information does not include any of
the following:
(i) Financial information otherwise protected by state or
federal law.
(ii) Publicly available information.
(iii) Any list, description, or other grouping of consumers and
publicly available information pertaining to them that is derived
without using any personally identifiable financial information
that is not publicly available.
(b) "Personally identifiable financial information" means any
of the following:
(i) Information a consumer provides to a domestic credit union
to obtain a financial product or service from the domestic credit
union.
(ii) Information about a consumer resulting from any
transaction involving a financial product or service between a
domestic credit union and a consumer.
(iii) Information a domestic credit union otherwise obtains
about a consumer in connection with providing a financial product
or service to that consumer.
(c) "Publicly available information" means any information
that a domestic credit union has a reasonable basis to believe is
lawfully made available to the general public from federal, state,
or local government records by wide distribution by the media or by
disclosures to the general public that are required to be made by
federal, state, or local law. A domestic credit union has a
reasonable basis to believe that information is lawfully made
available to the general public if both of the following apply:
(i) The domestic credit union has taken steps to determine that
the information is of the type that is available to the general
public.
(ii) If an individual can direct that the information not be
made available to the general public, that the domestic credit
union's consumer has not directed that the information not be made
available to the general public.
Sec. 389. A domestic credit union shall establish and make
public a policy regarding the protection of privacy and the
confidentiality of nonpublic personal financial information. The
policy shall do at least all of the following:
(a) Provide for the credit union's implementation of the
requirements of this act and other applicable laws respecting
collection, security, use, release of, and access to nonpublic
personal financial information.
(b) Identify the routine uses of nonpublic personal financial
information by the credit union; prescribe the means by which
individuals will be notified regarding those uses; and provide for
notification regarding the actual release of nonpublic personal
financial information that may be identified with, or that may
concern, an individual, upon specific request by that individual.
As used in this subdivision, "routine use" means the ordinary use
or release of nonpublic personal financial information compatible
with the purpose for which the information was collected.
(c) Assure that no person has access to nonpublic personal
financial information except on the basis of a need to know.
(d) Establish the contractual or other conditions under which
the credit union may release nonpublic personal financial
information.
(e) Provide that enrollment applications and claim forms
developed by the credit union shall contain an individual's consent
to the release of data and information that is limited to the data
and information necessary for the proper review and payment of
claims, and shall reasonably notify individuals of their rights
under the credit union's policy and applicable law.
Sec. 390. Sections 388 and 389 do not limit access to records
or enlarge or diminish the investigative and examination powers of
governmental agencies as provided for by law.
