Michigan Personal Data Privacy Act – How to Comply

Heard about Michigan’s privacy law (Michigan Personal Data Privacy Act)? Here’s what your business needs to know — and how to stay ahead.
In a digital age where customer data is valuable and more exposed than ever, Michigan is stepping up with its strong data protection framework: the Michigan Data Privacy law.
This comprehensive privacy legislation aims to give residents more control over their personal information while holding businesses accountable for collecting, storing, and sharing data.
Whether you’re a business owner, marketer, or compliance officer, understanding the Michigan data privacy law isn’t optional; it’s essential.
In this guide, we explain what the Michigan Personal Data Privacy Act is, who is required to comply, what rights consumers have, and what process your business needs to follow to avoid costly penalties.
Let’s begin with everything you need to know about Michigan Data Privacy Act compliance.
- What is the Michigan Personal Data Privacy Act (MPDPA)
- Who Must Comply With the Michigan Personal Data Privacy Act?
- What are the Consumer Rights Under the MPDPA Law
- How Businesses Can Comply With Michigan Privacy Regulations
- Michigan Data Protection Law Penalties and Fines for Non-Compliance
- FAQ
- Conclusion
What is the Michigan Personal Data Privacy Act (MPDPA)

The Michigan Personal Data Privacy Act covers businesses that collect, process, or store the personal data of Michigan residents.
The MPDPA requires entities to be more transparent about the intention behind their data collection practices and to give consumers more rights concerning their personal information.
It further obliges businesses to take reasonable steps to protect such information from unauthorized access, use, and disclosure.
The act is meant to protect the data privacy rights of Michigan residents and to give them control over their personal information. The State Act also gives consumers the right to opt out of the sale of their personal data and request the deletion of their personal information.
The act governs personal information collected by any business from a Michigan resident. Personal information includes any of the following identifiers: name, address, email address, phone number, social security number, bank-related information, and health information.
It also covers any data or information that can identify a person on its own or when combined with other details, including biometric data like fingerprints and retina scans.
Such personal information includes information held by third parties, such as data brokers, marketing companies, and advertising networks.
The Michigan Personal Data Privacy Act applies to any business that has obtained personal data from Michigan residents during the preceding twelve months or that has collected at least 10,000 records from the state in the past year.
Businesses must provide their consumers with clear, visible notice of how they intend to collect and use their personal information.
Who Must Comply With the Michigan Personal Data Privacy Act?

The MPDPA protection law safeguards the right to privacy of anyone residing within Michigan. It covers any entity or organization that:
- Conducts business in Michigan or offers goods or services to Michigan consumers, and controls or processes the personal data of 100,000 or more Michigan consumers annually.
- Controls or processes the personal information of 25,000 Michigan consumers and derives more than 50% of its yearly revenues from selling personal information.
Personal information includes any data that can be used to identify a person but does not encompass de-identified data. De-identified data means any data that has identifying factors stripped away or is publicly available.
Sensitive data encompasses race, religious beliefs, health diagnoses, sexual orientation, status of citizenship, identifying genetic data, children’s personal data, exact geolocation, ID numbers, and specific financial and login information.
Data controllers are those individuals responsible for determining how and why personal data is to be processed.
Processing data means any operation performed on collected data, including collecting, using, storing, disclosing, analyzing, editing, or erasing data.
Section 3 of the MPDPA text outlines the kinds of organizations to which the bill is applicable:

What are the Consumer Rights Under the MPDPA Law
The Michigan privacy law provides consumers with the following rights, all of which are very common in modern privacy legislation:

- The right to access: It enables consumers to see any personal information the company has gathered about them so they can ensure it is being processed.
- The right of rectification: It allows consumers to correct mistakes in their personal data by requiring the company to fix those errors.
- The right of deletion: This right allows consumers to request that a company erase personal data submitted by them.
- The right of restriction: This right enables consumers to withdraw consent for their data to be used in profiling or targeted advertising.
- The portability right: This right allows consumers to request and receive a copy of the personal data they have already provided to the organization, presented in a readable, portable format that other companies can easily access.
- The right to opt out of sales: This right allows consumers to opt out of having their personal data processed for sale by the data controller.
If the act is enacted, companies would need to make these rights available and would likely need to provide notice of their availability, such as through a privacy policy.
Other privacy regulations, such as the GDPR and the CCPA, provide similar rights to users. Companies can draw inspiration and guidance from other regulations like these to comply with Michigan’s law.
How Businesses Can Comply With Michigan Privacy Regulations
Several steps can be taken to ensure compliance with the MPDPA. However, before anything else, ensure your website has a privacy policy and a cookie consent banner — both are essential for staying compliant with privacy regulations.
Let’s look at how you can get your business MPDPA-ready.
1. Having a Privacy Policy
To align with the MPDPA, you must have a well-written, updated privacy policy on your website. Your WordPress Privacy Policy must contain the following clauses:

- What personal data you gather
- How you protect the data you gather
- Your purposes for processing consumers’ data
- How consumers can enforce their rights
- How consumers can complain about the determination of their rights
- What kind of personal data you disclose to third parties
- Whether you sell personal data
- Whether you use personal data for online behavioural advertising
You should also inform consumers that, as long as you obtain their consent and maintain their data securely, you can use the personal data you obtain for research purposes to create, fix, or improve your products or services.
Section 7 of the MPDPA outlines the clauses that must be incorporated within your Privacy Policy:

To create one for your website, you can use a privacy policy generator like the WP Legal Pages plugin.
WP Legal Pages – Legal Pages Generator for WordPress Sites

WP Legal Pages provides an easy solution for creating legal documents for your WordPress websites. You can create documents like Privacy Policy, Disclaimer, and Terms and Conditions within a few minutes.
The plugin has built-in wizards that guide you through quickly creating the legal pages for your website. The whole process is straightforward. You will not have issues creating legal documents with WP Legal Pages, even as a newcomer.
This helps establish trust among users, avoid fines and legal proceedings, and save you time.
WP Legal Pages is a trusted WordPress plugin designed to help businesses like yours generate essential legal policies quickly, professionally, and fully aligned with data privacy laws—including the Michigan PDPA, GDPR, CCPA, Quebec Law 25, and others.
2. Getting User Consent
It is advisable to obtain consumers’ permission to process their personal data before you gather it. Offering consumers options for consent before processing their personal data can assist you in adhering to the MPDPA.
One of the easiest methods to obtain consumers’ consent to gather and process their information is to include a checkbox on your website’s data-gathering pages.
In addition, you can include a cookie banner with a declaration that they have read and accepted your privacy policy and terms and conditions.
You can use a consent management platform like WP Cookie Consent Plugin to get user consent on your website for collecting cookies.
WP Cookie Consent Plugin – Best Consent Management Platform

WP Cookie Consent is the best WordPress plugin that enables websites to handle user consent. This Google-certified plugin is created to assist businesses in being compliant with international privacy laws such as GDPR, CCPA, LGPD, and others.
It ensures that websites transparently and legally capture and manage user consent. As data privacy legislation requires websites to inform users about their data-processing practices, this plugin is essential for ethical data handling.
Michigan Data Protection Law Penalties and Fines for Non-Compliance
The Michigan Attorney General will issue a 30-day notice to organizations found in violation of the MPDPA, allowing them the opportunity to rectify the situation.
If the organization fails to cure the violations within the 30-day time frame, it may face fines of up to $7,500 per violation.
The Attorney General can fine data brokers up to $100 for each day they fail to register.
FAQ
Michigan’s data privacy law establishes a data protection framework that protects consumers’ personal data by setting standards for how businesses collect and process personal information.
The Michigan Data Protection Law applies to any for-profit entities that do business in Michigan or have control over 100,000 consumers’ personal data during a calendar year. It also applies if the business gets 50% of its annual revenue from selling personal information.
If businesses fail to comply with Michigan data privacy requirements, the state will give them 30 days to correct the violation. If they do not correct the violation within that time frame, the state will impose fines of up to $7,500 per violation.
To comply with the Michigan Data Privacy Act, businesses must have a proper cookie consent banner on the website with a link to the privacy policy so that users are notified about the use of cookies. To comply with the MPDPA protection law, businesses can use the WPLP Compliance Platform, which will provide complete legal and cookie protection.
Conclusion
The Michigan Personal Data Privacy Act is new legislation that ensures individuals’ personal data remains secure and that companies handle this data responsibly.
Nowadays, most people are aware of their rights regarding their data. Your company must comply with the rules. Otherwise, you might be fined and lose your customers’ trust.
That’s where WP Legal Pages Compliance Platform steps in. It’s an easy-to-use platform that assists companies in creating important legal pages such as privacy policies, terms and conditions, and affiliate disclosures. It also helps with cookie consent banners for the website.
Whether you’re a small or a large corporation, WP Legal Pages Compliance Platform assists you in adhering to privacy legislation, such as the Michigan Personal Data Privacy Act and others worldwide.
Using the WP Legal Pages Compliance Platform, companies can save time, avoid legal issues, and demonstrate to people that they care about privacy. It’s a prudent move to protect yourself and gain customer trust.