HOUSE BILL No. 5923

November 6, 2014, Introduced by Rep. McCann and referred to the Committee on Energy and Technology.

     A bill to amend 2004 PA 452, entitled

"Identity theft protection act,"

by amending section 11 (MCL 445.71), as amended by 2010 PA 315, and

by adding section 11a.

THE PEOPLE OF THE STATE OF MICHIGAN ENACT:

     Sec. 11. (1) A person shall not do any of the following in the

conduct of trade or commerce:

     (a) Deny credit or public utility service to or reduce the

credit limit of a consumer solely because the consumer was a victim

of identity theft, if the person had prior knowledge that the

consumer was a victim of identity theft. A consumer is presumed to

be a victim of identity theft for the purposes of this subdivision

if he or she provides both of the following to the person:

     (i) A copy of a police report evidencing the claim of the

victim of identity theft.

     (ii) Either a properly completed copy of a standardized

affidavit of identity theft developed and made available by the

federal trade commission under 15 USC 1681g or an affidavit of fact

that is acceptable to the person for that purpose.

     (b) Solicit to extend credit to a consumer who does not have

an existing line of credit, or has not had or applied for a line of

credit within the preceding year, through the use of an unsolicited

check that includes personal identifying information other than the

recipient's name, address, and a partial, encoded, or truncated

personal identifying number. In addition to any other penalty or

remedy under this act or the Michigan consumer protection act, 1976

PA 331, MCL 445.901 to 445.922, a credit card issuer, financial

institution, or other lender that violates this subdivision, and

not the consumer, is liable for the amount of the instrument if the

instrument is used by an unauthorized user and for any fees

assessed to the consumer if the instrument is dishonored.

     (c) Solicit to extend credit to a consumer who does not have a

current credit card, or has not had or applied for a credit card

within the preceding year, through the use of an unsolicited credit

card sent to the consumer. In addition to any other penalty or

remedy under this act or the Michigan consumer protection act, 1976

PA 331, MCL 445.901 to 445.922, a credit card issuer, financial

institution, or other lender that violates this subdivision, and

not the consumer, is liable for any charges if the credit card is

used by an unauthorized user and for any interest or finance

charges assessed to the consumer.

     (d) Extend credit to a consumer without exercising reasonable

procedures to verify the identity of that consumer. Compliance with

regulations issued for depository institutions, and to be issued

for other financial institutions, by the United States department

of treasury under section 326 of the USA patriot act of 2001, 31

USC 5318, is considered compliance with this subdivision. This

subdivision does not apply to a purchase of a credit obligation in

an acquisition, merger, purchase of assets, or assumption of

liabilities or any change to or review of an existing credit

account.

     (e) Subject to subsection (4), if the person is a person that

owns or licenses data that are included in a database, do any of

the following:

     (i) Fail to permit a consumer to review his or her personal

identifying information in the database.

     (ii) Fail to display an opt-out notice on the person's webpage

as required under section 11a.

     (iii) Accept payment from a consumer who demands to review or

remove his or her personal identifying information.

     (2) A person who knowingly or intentionally violates

subsection (1) is guilty of a misdemeanor punishable as follows:

     (a) Except as otherwise provided in subdivisions (b) and (c),

by imprisonment for not more than 93 days or a fine of not more

than $1,000.00, or both.

     (b) For a second violation, by imprisonment for not more than

93 days or a fine of not more than $2,000.00, or both.

     (c) For a third or subsequent violation, by imprisonment for

not more than 93 days or a fine of not more than $3,000.00, or

both.

     (3) Subsection (2) does not prohibit a person from being

liable for any civil remedy for a violation of this act, the

Michigan consumer protection act, 1976 PA 331, MCL 445.901 to

445.922, or any other state or federal law.

     (4) Subsection (1)(e) does not apply to a person that is a

financial institution described in section 12(9) or a person

described in section 12(10).

     Sec. 11a. A person that owns or licenses data that are

included in a database shall conspicuously post an opt-out notice

on the person's webpage. The opt-out notice must provide specific

and easily understood instructions for the consumer to make a

demand on the person's webpage that his or her personal identifying

information not be shared with or sold to a third party.