2019 House Bill 4186

Expand data breach response requirements

Introduced in the House

Feb. 14, 2019

Introduced by Rep. Diana Farrington (R-30)

To clarify in a state identity theft protection law which entities are covered by the data breach response activities proposed by House Bill 4187.

Referred to the Committee on Financial Services

March 13, 2019

Reported without amendment

Refer to to the Committee on Ways and Means.

Referred to the Committee on Ways and Means

Dec. 10, 2019

Reported without amendment

Without amendment and with the recommendation that the bill pass.

Sept. 1, 2020

Substitute offered by Rep. Diana Farrington (R-30)

To replace the previous version of the bill with one that revises details but does not change the substance as previously described.

The substitute passed by voice vote

Substitute offered by Rep. Diana Farrington (R-30)

The substitute passed by voice vote

Amendment offered by Rep. Rebekah Warren (D-55)

To expand the requirements to notify the state on certain data breaches.

The amendment failed by voice vote

Amendment offered by Rep. Sarah Anthony (D-68)

To revise details of the proposed fines.

The amendment failed by voice vote

Amendment offered by Rep. Matt Koleszar (D-20)

To give the state Attorney General additional powers the area of data breach disclosure requirements, and increase the proposed penalties.

The amendment failed by voice vote

Sept. 2, 2020

Passed in the House 99 to 10 (details)

Received in the Senate

Sept. 9, 2020

Referred to the Committee on Regulatory Reform

Dec. 3, 2020

Reported without amendment

With the recommendation that the substitute (S-1) be adopted and that the bill then pass.

Dec. 10, 2020

Amendment offered

To clarify a provision that excludes from the effect of this proposed law businesses that are already subject to a state "Data Breach Notification Act".

The amendment passed by voice vote

Passed in the Senate 38 to 0 (details)

To clarify in a state identity theft protection law which entities are covered by the data breach response activities proposed by House Bill 4187.

Received in the House

Dec. 15, 2020

Dec. 16, 2020

Passed in the House 92 to 16 (details)

To concur with the Senate-passed version of the bill.

Vetoed by Gov. Gretchen Whitmer

Dec. 30, 2020