Support Centre



Law: Please note this State does not have a general privacy law in effect, you can visit our US State Law Tracker to monitor the progress of US State bills.

Regulator: The Michigan Attorney General ('AG')

Summary: Although Michigan at present does not have a general privacy act, the State has its own data breach requirements ('the Data Breach Requirements') under the Identity Theft Protection Act (Act 452 of 2004) under §445.61 et seq. of the Michigan Compiled Laws. The Data Breach Requirements stipulate, among other things, that Michigan residents must be notified in the event that their personal data is accessed and acquired by an unauthorised person or if said person obtains access to the encryption key of encrypted data. The Data Breach Requirements may be enforced by the AG or a privacy attorney, despite there being no specific requirement to inform the AG of a breach. Other applicable privacy laws in Michigan include the Insurance Data Security Law, which entered into effect on 20 January 2020 and requires licensed insurers to develop, implement, and maintain a comprehensive information security program.