The web Browser you are currently using is unsupported, and some features of this site may not work as intended. Please update to a modern browser such as Chrome, Firefox or Edge to experience all features Michigan.gov has to offer.
Who is required to notify consumers of a cybersecurity event?
A licensee subject to MCL 500.561 who owns or licenses data included in a database that discovers or receives notice of a cybersecurity event, unless it has not or is not likely to cause substantial loss or result in the identity theft of one or more Michigan consumers. The licensee must notify the affected consumers if their unencrypted and unredacted personal information was accessed and acquired by an unauthorized person or their personal information was accessed and acquired in encrypted form by a licensee with unauthorized access to the encryption key.