IDENTITY THEFT PROTECTION; MODIFY S.B. 888 (S-1) & 889 - 892:
SUMMARY OF BILL
REPORTED FROM COMMITTEE
Senate Bill 888 (Substitute S-1 as reported)
Senate Bills 889 through 892 (as reported without amendment)
Sponsor: Senator Rosemary Bayer
Committee: Finance, Insurance, and Consumer Protection
CONTENT
Senate Bill 888 (S-1) would require private and State entities that had access to State
residents' personal information to maintain security procedures for the protection of that
information. These procedures would include the assignment of a security coordinator and
the implementation of appropriate safeguards to protect the information, among other things.
An entity that reasonably conformed to an industry recognized cybersecurity framework would
meet the bill's requirements if specific circumstances applied. In the case of a security breach,
the bill would require an entity to notify affected residents and provide specific information
concerning consumer protections and actions taken to rectify the breach. If a breach affected
more than 100 residents, the entity would have to notify the Attorney General. The bill would
prescribe civil fines for failing to comply with the bill's requirements. Senate Bills 889 through
892 would modify Michigan Compiled Laws (MCL) references in various acts in accordance
with Senate Bill 888 (S-1)'s proposed changes.
BRIEF RATIONALE
According to testimony, the number of identity thefts has risen sharply. Scammers can steal
money by targeting the personal data collected for Social Security, Medicare, and
unemployment benefits without the people referenced in that data ever knowing. Some have
argued that entities that collect data should be held accountable when they do not do enough
to keep personal data safe and that they should be required to notify consumers if their
personal data is leaked.
MCL 445.75 et al. (S.B. 888) Legislative Analyst: Nathan Leaman
487.2142 (S.B. 889); 750.159g (S.B. 890)
8.9 (S.B. 891); 762.10c (S.B. 892)
FISCAL IMPACT
Senate Bill 888 (S-1) could have a positive fiscal impact on the State and local units of
government. The bill would impose civil fines ranging from a low of $250 up to a maximum
fine of $750,000. Revenue collected from civil fines is used to support local libraries.
Additionally, $10 of the civil fine would be deposited into the State Justice System Fund. This
Fund supports justice-related activities across State government in the Departments of
Corrections, Health and Human Services, State Police, and Treasury. The Fund also supports
justice-related issues in the Legislative Retirement System and the Judiciary. The amount of
revenue to the State or for libraries is indeterminate and dependent on the number of
violations and fines imposed.
The bills would enhance notice requirements for private and public entities, including State
departments and educational institutions, whenever a data breach was discovered. Depending
on the size of the data breach and how many residents were affected, these notice
requirements could have a significant, thought indeterminate, fiscal impact on State agencies.
Page 1 of 2 sb888-892/2324
The bills also would enhance security procedures for State agencies that housed or accessed
personal information. Per the language of the bill, these security enhancements could vary
based on the amount of personal information used or stored by a particular State agency.
State departments and education institutions could have increased costs to meet these
requirements, but those costs are indeterminate.
The bills would empower the Attorney General to investigate and prosecute data breach
violations and provide for voluntary payments to offset the costs of investigation and attorney
fees. While this would offset many costs, it is possible the Attorney General would require
additional appropriations and full-time equivalents to pursue data breach violations,
depending on the volume of investigations and prosecutions sought.
Date Completed: 12-13-24 Fiscal Analyst: Joe Carrasco, Jr.
Michael Siracuse
SAS\Floors2324\sb888
This analysis was prepared by nonpartisan Senate staff for use by the Senate in its deliberations and does not constitute an official
statement of legislative intent.
Page 2 of 2 Bill Analysis @ www.senate.michigan.gov/sfa sb888-892/2324

Statutes affected:
Substitute (S-1): 445.63
Senate Introduced Bill: 445.63
As Passed by the Senate: 445.63