LANSING – Banks, businesses, government agencies and nonprofits that suffer a data security breach would have 45 days to inform all of their impacted customers, under a pair of bills reported out of the House Financial Services Committee Wednesday.
HB 6405 and HB 6406, sponsored by Committee Chair Diana Farrington (R-Utica) and Rep. Joseph Graves (R-Linden), would assess $2,000 fines for each violation or $5,000 for each day a “covered entity” fails to take action to comply with the notice requirements. The maximum fine would be $250,000 for the same security breach.
The 45-day time period was the main point of contention. A General Motors representative did not speak, but submitted a card urging the time period be extended to 90 days.
This story was published by Small Business Association of Michigan.