DEPARTMENT OF LABOR AND ECONOMIC GROWTH
OFFICE OF FINANCIAL AND INSURANCE SERVICES
STANDARDS FOR SAFEGUARDING CUSTOMER INFORMATION
(By the authority conferred on the Office of Financial and Insurance Services by Section 547
of 1956 PA 215, MCL 500.547, by Section 210 of 1956 PA 218, MCL 500.210, and E.R.O.
No. 2003-1, and pursuant to 15 U.S.C. 6801, 6805(a)(6), 6805(b), 6805(c))
R 500.551 Authority.
Rule 1. (a) These rules establish standards for developing and implementing
administrative, technical, and physical safeguards to protect the security, confidentiality, and
integrity of customer information, pursuant to Sections 501, 505(b), and 507 of the Gramm-
Leach-Bliley Act, codified at 15 U.S.C. 6801, 6805(b) and 6807, Chapter 5 of the Insurance
Code, MCL 500.501 to 500.547, with penalties for violation specified in Chapter 20 of the
Insurance Code, MCL 500.2001 to 500.2050.
(b) Section 501(a) of the Gramm-Leach-Bliley Act provides that it is the policy of the
Congress that each financial institution has an affirmative and continuing obligation to respect
the privacy of its customers and to protect the security and confidentiality of those customers'
nonpublic personal information. Section 501(b) of the Gramm-Leach-Bliley Act requires the
state insurance regulatory authorities to establish appropriate standards relating to all of the
following administrative, technical, and physical safeguards:
(i) To ensure the security and confidentiality of customer records and information.
(ii) To protect against any anticipated threats or hazards to the security or integrity of such
records.
(iii) To protect against unauthorized access to or use of records or information that may
result in substantial harm or inconvenience to a customer.
(c) Section 505(b)(2) calls on state insurance regulatory authorities to implement by rule
the standards prescribed under Section 501(b) with respect to persons engaged in providing
insurance; and the Governor signed 2001 PA 24 on June 18, 2001, creating Chapter 5 of the
Insurance Code, titled "Privacy of Financial Information."
(d) Section 507 provides, among other things, that a state may afford persons greater
privacy protections than those provided by subtitle A of Title V of the Gramm-Leach-Bliley
Act. MCL 500.501(3) provides that Chapter 5 of the Insurance Code - applicable to financial
information - does not modify, limit, or supersede statute or rules governing the confidentiality
or privacy of individually identifiable health or medical information under state law. To
release such private or privileged health or medical information in Michigan generally
requires the informed, written consent of the patient or his or her authorized representative.
Nothing in these rules shall be construed to diminish state law, recent federal HIPAA standards
(45 CFR Parts 160 and 164) that govern the privacy and security of protected health and
medical information, or fair credit reporting act protections for medical information (15 U.S.C.
1681 et seq.). The safeguards established pursuant to these rules apply only to nonpublic
personal financial information and do not diminish the duty of any licensee to comply with
other more stringent state or federal laws affecting other types of customer information in