Although Michigan has not successfully passed a Michigan privacy law, this state boasts several privacy-related laws that govern different aspects of privacy protection. Here are some privacy laws in effect in Michigan for years.
Michigan Identity Theft Protection Act (ITPA)
The ITPA establishes requirements for businesses to protect personal information and respond to data breaches. It includes provisions for data breach notification, disposal of personal information, and restrictions on the display of social security numbers.
Internet Privacy Protection Act
The “Internet Privacy Protection Act” (IPPA or the “Act”) was enacted on December 28, 2012, establishing a social media law in Michigan. According to the Internet Privacy Protection Act, owners of commercial websites and online services that gather information on Michigan residents’ personally identifying characteristics are required to post a privacy statement outlining how the data will be used and shared.
Key Features of the Michigan IPPA
According to the IPPA Michigan personal privacy protection act, employers are not allowed to ask workers or applicants for access to, permission to view, or disclosure of information that permits access to or viewing of “personal internet accounts,” including Gmail, Facebook, and Twitter. An employer is prohibited by the IPPA from firing, punishing, rejecting, or otherwise penalizing an employee or applicant who refuses such requests. There are several specified exclusions in the statute.
Those found in violation of the IPAA Michigan privacy act are committing a misdemeanor, which carries a maximum $1,000 fine. People can file a civil lawsuit to stop the violation, and they are entitled to receive up to $1,000 in damages, reasonable attorney fees, and court costs. However, a person must first serve the alleged offender with a written demand for the claimed violation, which must include reasonable proof of the infringement and be for no more than $1,000. Finally, it is an affirmative defense to an IPPA claim that the employer took certain actions in order to abide by applicable federal or state laws.
According to the IPPA, educational institutions are not allowed to demand the same information from current or prospective students. They are also not allowed to expel, discipline, refuse to enroll, or otherwise penalize individuals who refuse to offer access to their personal internet accounts.
2022 Attempt at Michigan Personal Data Privacy Act
Sen. Rosemary Bayer of Michigan and eight other Democrats submitted Senate Bill 1182, introducing the Michigan Personal Data Privacy Act, on September 27, 2022.
The bill sought to establish consumer privacy rights, mandate specific notices to consumers regarding the processing and sale of their personal data, prohibit specific acts and practices related to such processing and sale, establish standards and practices related to such processing and sale, define the authority and responsibilities of various state government officers and entities, and establish certain funds.
Businesses that retain data on more than 100,000 customers and those that keep data on more than 25,000 consumers and generate 50% of their gross revenue from data sales are both covered by the bill. Consumer opt-outs for targeted advertising and data sales, a data broker register, a 30-day right of cure, and a private right of action with 30 days’ notice are notable aspects. Referred to the Senate Committee on Energy and Technology, the bill was never heard there.
The privacy laws that were enacted in Connecticut, Virginia, Colorado, Utah, and California were comparable to this legislation. The opt-in requirement for the processing of all personal data, however, constitutes a material departure from the aforementioned laws.
Michigan Employee Privacy Laws
Until it passes a more encompassing privacy law, Michigan law provides limited privacy protection to employees.
