Michigan employers will have a new set of responsibilities when the state’s new security-breach notification law takes effect on July 2.
Under the law, which amends Michigan’s Identity Theft Protection Act, owners and licensers of databases are required to notify Michigan residents whose personal information has been accessed by an unauthorized person. Failure to provide timely notice will subject employers to both fines and civil lawsuits.
To comply, it’s important to understand what “database,” “personal information” and “breach” mean.
While the law does not specifically define “database,” the generally accepted definition is a collection of data arranged for ease and speed of retrieval, usually by a computer. For example, employee payroll records and computerized personnel, medical and worker’s compensation files are all considered databases.
The law defines “personal...(register to read more)