HOUSE BILL No. 5274

November 28, 2017, Introduced by Reps. Gay-Dagnogo, Moss, Rabhi, Faris, Sowerby, Chang, Hoadley, Lasinski, Cochran, Greig, Chirkun, Zemke, Wittenberg and Pagan and referred to the Committee on Insurance.

     A bill to amend 1956 PA 218, entitled

"The insurance code of 1956,"

by amending sections 503, 515, 527, and 543 (MCL 500.503, 500.515,

500.527, and 500.543), as added by 2001 PA 24, and by adding

sections 504, 506, and 510; and to repeal acts and parts of acts.

THE PEOPLE OF THE STATE OF MICHIGAN ENACT:

     Sec. 503. As used in this chapter:

     (a) "Affiliate" means any company that controls, is controlled

by, or is under common control with another company.

     (b) "Annual notice" means the privacy notice required in

section 513.

     (c) "Clear and conspicuous" means that a notice is reasonably

understandable and designed to call attention to the nature and

significance of the information in the notice.

     (d) "Collect" means to obtain information that the licensee

organizes or can retrieve by the name of an individual or by

identifying number, symbol, or other identifying particular

assigned to the individual, irrespective of the source of the

underlying information.

     (e) "Company" means any corporation, limited liability

company, business trust, general or limited partnership,

association, sole proprietorship, or similar organization.

     (b) (f) "Consumer" means an individual, or the individual's

legal representative, who seeks to obtain, obtains, or has obtained

an insurance product or service from a licensee that is to be used

primarily for personal, family, or household purposes. As used in

this chapter:

     (i) "Consumer" includes, but is not limited to, all of the

following:

     (A) An individual who provides nonpublic personal information

to a licensee in connection with obtaining or seeking to obtain

financial, investment, or economic advisory services relating to an

insurance product or service. An individual is a consumer under

this subparagraph regardless of whether the licensee establishes an

ongoing advisory relationship.

     (B) An applicant for insurance prior to before the inception

of insurance coverage.

     (C) An individual that a licensee discloses nonpublic,

personal financial information about to a nonaffiliated third

party, other than as permitted under sections 535, 537, and 539, if

the individual is any of the following:

     (I) A beneficiary of a life insurance policy underwritten by

the licensee.

     (II) A claimant under an insurance policy issued by the

licensee.

     (III) An insured under an insurance policy or an annuitant

under an annuity issued by the licensee.

     (IV) A mortgagor of a mortgage covered under a mortgage

insurance policy.

     (ii) So long as If the licensee provides the initial, annual ,

and revised notices under this chapter to the plan sponsor, group

or blanket insurance policyholders, and group annuity contract

holder and does not disclose to a nonaffiliated third party

nonpublic personal financial information, other than as permitted

under sections 535, 537, and 539, "consumer" does not include an

individual solely because he or she meets 1 of the following:

     (A) Is a participant or a beneficiary of an employee benefit

plan that the licensee administers or sponsors or for which the

licensee acts as a trustee, insurer, or fiduciary.

     (B) Is covered under a group or blanket insurance policy or

group annuity contract issued by the licensee.

     (iii) "Consumer" does not include an individual solely because

he or she meets 1 of the following:

     (A) Is a beneficiary of a trust for which the licensee is a

trustee.

     (B) Has designated the licensee as trustee for a trust.

     (g) "Consumer reporting agency" has the same meaning as in

section 603(f) of the federal fair credit reporting act, title VI

of the consumer credit act, Public Law 90-321, 15 U.S.C. 1681a.

     (c) (h) "Customer" means a consumer who has a customer

relationship with a licensee. However, customer does not include an

individual solely because he or she meets 1 of the following:

     (i) Is a participant or a beneficiary of an employee benefit

plan that the licensee administers or sponsors or for which the

licensee acts as a trustee, insurer, or fiduciary.

     (ii) Is covered under a group or blanket insurance policy or

group annuity contract issued by the licensee.

     (iii) Is a beneficiary or claimant under a policy of

insurance.

     (i) "Customer relationship" means a continuing relationship

between a consumer and a licensee under which the licensee provides

1 or more insurance products or services to the consumer that are

to be used primarily for personal, family, or household purposes.

     (j) "Initial notice" means the privacy notice required in

section 507.

     (k) "Insurance product or service" means any product or

service that is offered by a licensee pursuant to the insurance

laws of this state or pursuant to a federal insurance program.

Insurance service includes a licensee's evaluation, brokerage, or

distribution of information that the licensee collects in

connection with a request or an application from a consumer for an

insurance product or service.

     (d) (l) "Licensee" means a licensed insurer or producer, and

other persons licensed or required to be licensed, authorized or

required to be authorized, registered or required to be registered,

or holding or required to hold a certificate of authority under

this act. Licensee includes, except as otherwise provided, a

nonprofit health care corporation operating pursuant to the

nonprofit health care corporation reform act, 1980 PA 350, MCL

550.1101 to 550.1704, and a nonprofit dental care corporation

operating pursuant to under 1963 PA 125, MCL 550.351 to 550.373.

Licensee includes an unauthorized insurer who places business

through a licensed surplus line agent or broker in this state, but

only for the surplus line placements placed under chapter 19.

Licensee does not include any of the following:

     (i) A nonprofit health care corporation for member personal

data and information otherwise protected under section 406 of the

nonprofit health care corporation reform act, 1980 PA 350, MCL

550.1406.

     (i) (ii) The Michigan life and health insurance guaranty

association created under section 7706 and the property and

casualty guaranty association created under chapter 79.

     (ii) (iii) The Michigan automobile insurance placement

facility , created under chapter 33 and the Michigan worker's

compensation placement facility , and the assigned claims facility

created under section 3171. created under chapter 23. However,

servicing carriers for these facilities are licensees.

     (e) (m) "Nonaffiliated third party" means any person except a

licensee's affiliate or a person employed jointly by a licensee and

any company that is not the licensee's affiliate. Nonaffiliated

third party includes the other company that jointly employs a

person with a licensee. Nonaffiliated third party also includes any

company that is an affiliate solely by virtue of the direct or

indirect ownership or control of the company by the licensee or its

affiliate in conducting merchant banking or investment banking

activities of the type described in section 4(k)(4)(H) of the bank

holding company act of 1956, chapter 240, 70 Stat. 135, 12 U.S.C.

1843, 12 USC 1843(k)(4)(H) or insurance company investment

activities of the type described in section 4(k)(4)(I) of the bank

holding company act of 1956, chapter 240, 70 Stat. 135, 12 U.S.C.

1843 .12 USC 1843(k)(4)(I).

     (f) (n) "Nonpublic personal financial information" means

personally identifiable financial information and any list,

description, or other grouping of consumers and publicly available

information pertaining to them that is derived using any personally

identifiable financial information that is not publicly available.

Nonpublic personal financial information does not include any of

the following:

     (i) Health and medical information otherwise protected by

state or federal law.

     (ii) Publicly available information.

     (iii) Any list, description, or other grouping of consumers

and publicly available information pertaining to them that is

derived without using any personally identifiable financial

information that is not publicly available.

     (o) "Opt out" means a direction by the consumer that the

licensee not disclose nonpublic personal financial information

about that consumer to a nonaffiliated third party, other than as

permitted by sections 535, 537, and 539.

     (g) (p) "Personally identifiable financial information" means

any of the following:

     (i) Information a consumer provides to a licensee to obtain an

insurance product or service from the licensee.

     (ii) Information about a consumer resulting from any

transaction involving an insurance product or service between a

licensee and a consumer.

     (iii) Information the licensee otherwise obtains about a

consumer in connection with providing an insurance product or

service to that consumer.

     (h) (q) "Producer" means a person required to be licensed

under this act to sell, solicit, or negotiate insurance.

     (i) (r) "Publicly available information" means any information

that a licensee has a reasonable basis to believe is lawfully made

available to the general public from federal, state, or local

government records by wide distribution by the media or by

disclosures to the general public that are required to be made by

federal, state, or local law. Publicly available information does

not include the information listed as nonpublic personal financial

information. A licensee has a reasonable basis to believe that

information is lawfully made available to the general public if

both of the following apply:

     (i) The licensee has taken steps to determine that the

information is of the type that is available to the general public.

     (ii) If an individual can direct that the information not be

made available to the general public, that the licensee's consumer

has not directed that the information not be made available to the

general public.

     (s) "Revised notice" means the privacy notice required in

section 525.

     Sec. 504. (1) A licensee shall use reasonable care to secure

nonpublic personal financial information from unauthorized access.

Except as is necessary or when required by law, a licensee shall

not disclose nonpublic personal financial information to a person

without the prior and specific informed consent of the consumer to

whom the nonpublic personal financial information pertains. The

consumer's consent must be in writing. Except when a disclosure is

made to the director, a court, or another governmental entity, a

licensee shall make a disclosure for which prior and specific

informed consent is not required on the condition that the person

to whom the disclosure is made protect and use the disclosed

information only in the manner authorized by the licensee, under

section 506. If a consumer has authorized the release of nonpublic

personal financial information to a specific person, a licensee

shall make a disclosure to that person on the condition that the

person will not release the data to a third person unless the

consumer executes in writing another prior and specific informed

consent authorizing the additional release.

     (2) This section does not preclude the release of information

to an individual, pertaining to that individual, by telephone, if

the identity of the individual is verified.

     Sec. 506. A licensee shall establish and make public the

policy of the licensee regarding the protection of privacy and the

confidentiality of nonpublic personal financial information. The

policy, at a minimum, must do all of the following:

     (a) Provide for the licensee's implementation of provisions in

this chapter and other applicable laws and guidelines respecting

collection, security, use, and release of, and access to, nonpublic

personal financial information.

     (b) Identify the routine uses of nonpublic personal financial

information by the licensee; prescribe the means by which consumers

will be notified regarding those uses; and provide for notification

regarding the actual release of nonpublic personal financial

information that may be identified with, or that may concern, a

consumer, on specific request by the consumer. As used in this

subdivision, "routine use" means the ordinary use or release of

nonpublic personal financial information compatible with the

purpose for which the information was collected.

     (c) Assure that no person will have access to nonpublic

personal financial information except as required by law.

     (d) Establish the contractual or other conditions under which

nonpublic personal financial information will be released.

     (e) Provide that enrollment applications and claim forms

developed by the licensee must contain a consumer's consent to the

release of data and information that is limited to the data and

information necessary for the proper review and payment of claims,

and reasonably notify consumers of their rights under the policy

and applicable law.

     Sec. 510. This chapter does not limit access to records or

enlarge or diminish the investigative and examination powers of

governmental agencies, as provided for by law.

     Sec. 515. (1) The initial, annual , and revised notices shall

notice required under section 513 must include each of the

following items of information, in addition to any other

information the licensee wishes to provide, that apply to the

licensee and to the consumers to whom the licensee sends its

privacy notice:

     (a) The categories of nonpublic personal financial information

that the licensee collects.

     (b) The categories of nonpublic personal financial information

that the licensee discloses.

     (c) The categories of affiliates and nonaffiliated third

parties to whom the licensee discloses nonpublic personal financial

information. , other than those parties to whom the licensee

discloses information under sections 537 and 539.

     (d) The categories of nonpublic personal financial information

about the licensee's former customers that the licensee discloses

and the categories of affiliates and nonaffiliated third parties to

whom the licensee discloses nonpublic personal financial

information about the licensee's former customers. , other than

those parties to whom the licensee discloses information under

sections 537 and 539.

     (e) If a licensee discloses nonpublic personal financial

information to a nonaffiliated third party under section 535 and no

other exception in section 537 or 539 applies to that disclosure, a

separate description of the categories of information the licensee

discloses and the categories of third parties with whom the

licensee has contracted.

     (f) An explanation of the consumer's right under section 529

to opt out of the disclosure of nonpublic personal financial

information to nonaffiliated third parties, including the method by

which the consumer may exercise that right at that time.

     (e) (g) Any disclosures that the licensee makes under section

603(d)(2)(A)(iii) of the fair credit reporting act, title VI of the

consumer credit protection act, Public Law 90-321, 15 U.S.C. USC

1681a.

     (f) (h) The licensee's policies and practices with respect to

protecting the confidentiality and security of nonpublic personal

financial information.

     (i) Any disclosure that the licensee makes under subsection

(2).

     (2) If a licensee discloses nonpublic personal financial

information as authorized under sections 537 and 539, the licensee

is not required to list those exceptions in the initial or annual

notices. When describing the categories of parties to whom

disclosure is made, the licensee is required to state only that it

makes disclosures to other affiliated or nonaffiliated third

parties, as applicable, as permitted by law.

     (2) (3) Instead of providing the information required under

subsection (1) and if a licensee does not disclose and does not

want to reserve the right to disclose nonpublic personal financial

information about customers or former customers to affiliates or

nonaffiliated third parties, except as authorized under sections

537 and 539, the licensee may state that fact as part of a

simplified notice so long as if the licensee provides the

information required under subsections subsection (1)(a) , (h), and

(i) and (2) and (f).

     (4) The licensee's initial notice may include categories of

nonpublic personal financial information that the licensee reserves

the right to disclose in the future but does not currently

disclose, and categories of affiliates or nonaffiliated third

parties to whom the licensee reserves the right in the future to

disclose but to whom the licensee does not currently disclose,

nonpublic personal financial information.

     Sec. 527. (1) A licensee shall provide any notice required

under this chapter so that each consumer can reasonably be expected

to receive actual notice in writing or, if the consumer agrees,

electronically. A licensee may reasonably expect that a consumer

will receive actual notice if the licensee does any of the

following:

     (a) Hand delivers a printed copy of the notice to the

consumer.

     (b) Mails a printed copy of the notice to the last known

address of the consumer separately, or in a policy, billing, or

other written communication.

     (c) For a consumer who conducts transactions electronically,

posts the notice on the electronic site and requires the consumer

to acknowledge receipt of the notice as a necessary step to

obtaining a particular insurance product or service.

     (d) For an isolated transaction with a consumer, such as the

licensee providing an insurance quote or selling the consumer

travel insurance, posts the notice and requires the consumer to

acknowledge receipt of the notice as a necessary step to obtaining

the particular insurance product or service.

     (2) The following do not provide a reasonable expectation that

a consumer will receive actual notice of a licensee's privacy

policies and practices under subsection (1):

     (a) The licensee only posts a sign in its office or generally

publishes advertisements of its privacy policies and practices.

     (b) The licensee sends the notice via electronic mail to a

consumer who does not obtain an insurance product or service from

the licensee electronically.

     (3) A licensee may reasonably expect that a customer will

receive actual notice of the licensee's annual notice in either of

the following cases:circumstances:

     (a) The customer uses the licensee's website to access

insurance products and services electronically and agrees to

receive notices at the website and the licensee posts its current

privacy notice continuously in a clear and conspicuous manner on

the website.

     (b) The customer has requested that the licensee refrain from

sending any information regarding the customer relationship, and

the licensee's current privacy notice remains available to the

customer upon request.

     (4) A licensee shall not provide any notice required by this

chapter solely by orally explaining the notice, either in person or

over the telephone.

     (5) For customers only, a licensee shall provide the initial

an annual and revised notices notice required under section 513 in

a manner so that the customer can retain them the notice or obtain

them it later in writing or, if the customer agrees,

electronically. A licensee provides an initial, annual , or revised

notice to the customer so that the customer can retain it or obtain

it later if the licensee does any of the following:

     (a) Hand delivers a printed copy of the notice to the

customer.

     (b) Mails a printed copy of the notice to the last known

address of the customer.

     (c) Makes the current initial, annual , or revised notice

available on a website or a link to another website for the

customer who obtains an insurance product or service electronically

and agrees to receive the notice at the website.

     (6) A licensee may provide a joint notice from the licensee

and 1 or more of its affiliates or other financial institutions, as

identified in the notice, if the notice is accurate with respect to

the licensee and the other institutions. A licensee may also

provide a notice on behalf of another financial institution, as

identified in the notice, if the notice is accurate with respect to

the licensee and the other institution.

     (7) If 2 or more consumers jointly obtain an insurance product

or service from a licensee, the licensee may satisfy the initial,

annual , and revised notice requirements under this chapter by

providing 1 notice to those consumers jointly.

     Sec. 543. A licensee shall not unfairly discriminate against

any a consumer because that the consumer has opted out or intends

to opt out from not given prior and specific informed consent to

the disclosure of his or her nonpublic personal financial

information pursuant to the provisions of under this chapter.

     Enacting section 1. Sections 505, 507, 509, 511, 517, 519,

521, 523, 525, 529, 531, 533, 535, 537, 539, 540, and 545 of the

insurance code of 1956, 1956 PA 218, MCL 500.505, 500.507, 500.509,

500.511, 500.517, 500.519, 500.521, 500.523, 500.525, 500.529,

500.531, 500.533, 500.535, 500.537, 500.539, 500.540, and 500.545,

are repealed.

     Enacting section 2. This amendatory act does not take effect

unless Senate Bill No. ____ or House Bill No. ____ (request no.

01844'17 a) of the 99th Legislature is enacted into law.