The bill amends the Michigan Insurance Code of 1956 to enhance cybersecurity measures and the handling of nonpublic information by licensed insurers. It introduces new definitions for "authorized individual," "cybersecurity event," and "nonpublic information," which clarify who can access sensitive data and the nature of cybersecurity incidents. The bill outlines the responsibilities of licensees in the event of a cybersecurity breach, including the requirement to notify affected residents and the conditions for such notifications. It also modifies the existing notification process, emphasizing timely communication and increasing penalties for non-compliance, while removing previous limitations on when notifications are necessary.

Additionally, the bill addresses the confidentiality of documents and information related to the director's regulatory duties, establishing that such information is not subject to subpoena or admissible in civil actions, but can be used for regulatory purposes. It allows the director to share confidential information with other regulatory agencies and law enforcement under confidentiality agreements and clarifies that sharing with third-party consultants is permissible. The bill also ensures that a waiver of confidentiality does not occur when documents are disclosed to the director and aligns the release of final adjudicated actions with the Freedom of Information Act, while maintaining the confidentiality of documents held by the National Association of Insurance Commissioners and third-party consultants.