Hammoud Bill Requires Public Notification of Data Breaches

Legislation calls for disclosure on entities’ websites
Thursday, September 21, 2017

LANSING — State Rep. Abdullah Hammoud (D-Dearborn) has introduced House Bill 4983, which would amend the Identity Theft Protection Act (PA 452 of 2004). Specifically, it would require entities that have had a data breach to report this information publicly on their websites and to the Office of the Attorney General.

“This idea stems from a constituent I spoke with at coffee hours that has done extensive research on this topic and urged me, and the state, to take action,” said Hammoud. “It is an unfortunate reality that data breaches have become more common, such as recently with the massive Equifax data breach.”

Under current state law, entities are required to disclose this information to customers, but not to the public, including prospective customers looking to do business with these entities.

“This is a concern that the federal government should take more seriously by urgently passing increased protections for consumers,” said Hammoud. “However, as a state, we should do more to protect our residents. This proposal simply requires information about data breaches be disclosed on entities’ websites and reported to the Michigan attorney general.”