Sec. 12a.
(1) Subject to subsection (3), a person or agency that maintains a database that includes personal information regarding multiple individuals shall destroy any data that contain personal information concerning an individual when that data is removed from the database and the person or agency is not retaining the data elsewhere for another purpose not prohibited by state or federal law. This subsection does not prohibit a person or agency from retaining data that contain personal information for purposes of an investigation, audit, or internal review.
(2) A person who knowingly violates this section is guilty of a misdemeanor punishable by a fine of not more than $250.00 for each violation. This subsection does not affect the availability of any civil remedy for a violation of state or federal law.
(3) A person or agency is considered to be in compliance with this section if the person or agency is subject to federal law concerning the disposal of records containing personal identifying information and the person or agency is in compliance with that federal law.
(4) As used in this section, "destroy" means to destroy or arrange for the destruction of data by shredding, erasing, or otherwise modifying the data so that they cannot be read, deciphered, or reconstructed through generally available means.
History: Add. 2006, Act 566, Eff. July 2, 2007
Structure Michigan Compiled Laws
Chapter 445 - Trade and Commerce
Act 452 of 2004 - Identity Theft Protection Act (445.61 - 445.79d)
Section 445.67 - Additional Prohibited Acts.
Section 445.72 - Notice of Security Breach; Requirements.
Section 445.73 - Verification of Information; Use of Vital Record.
Section 445.75 - Repeal of MCL 750.285.
Section 445.77 - Effective Date.
Section 445.79 - Property Subject to Forfeiture.
Section 445.79a - Seizure of Forfeited Property; Seizure Without Process; Circumstances.