Protect against anticipated threats or hazards to the security or integrity of personal information and personal identifying information.Protect the security and confidentiality of personal information and personal identifying information.The bill's amendment outlines the following stupulations: The goal of having a cybersecurity program in place is to safeguard data. Absent from the bill has largely been defense, namely any means to address best practices around mitigating identity theft and security breaches in the first place. The legislation would technically amend the 2004 Identity Theft Protection Act, designed to prohibit identity theft and require notification of a security breach. The legislation cites frameworks like the National Institute of Standards and Technology's Framework for Improving Critical Infrastructure, FISMA, HIPAA, and PCI-DSS, to name a few. 672, introduced by Senator Wayne Schmidt (and sponsored by Senators Adam Hollier, Kenneth Horn, Marshall Bullock, Curtis VanderWall) earlier this fall, would encourage organizations to establish, maintain, and comply with a written cybersecurity program.Īs part of the legislation, the program would have to contain "administrative, technical, and physical safeguards for the protection of personal information that and personal identifying information” that reasonably conforms to the current version of an industry-recognized cybersecurity framework or a combination of those frameworks. Politicians in the state of Michigan are trying to get the state to join the raft of states attempting to pass new data protection legislation to safeguard citizens' personal information. While not sweeping, new legislation recently introduced in Michigan would push businesses to establish and maintain a written cybersecurity program to protect personal information.