- Cybersecurity Disclosures Required by the SEC’s Recently Proposed Rules
- The Future is Now: Data Subject Requests in 2023
- FTC Scrutinizes Children’s Privacy Issues Involving Education Technology
- Utah Becomes the Fourth State to Enact a Comprehensive Privacy Law
- Courts Requiring General and Professional Liabilities Policies to Respond to Cyberattacks
- The US and EU Announce a New Trans-Atlantic Data Privacy Framework
- BIPA Claims Following the McDonald Decision
- NY Attorney General Offers Guidance on Dealing with Credential Stuffing
- “Silent Cyber” Continues to Make Noise in State Appellate Courts
- The FBI Warns M&A Participants on the Increasing Ransomware Threat
Legal developments in data, privacy, cybersecurity, and other emerging technology issues
Michigan state courts have new privacy protections in court rules that become effective July 1, 2021 (links to the implementing orders are included below) after implementation was previously delayed. Under revised Michigan Court Rule (“MCR”) 1.109 and 8.119, parties are no longer able to file papers – including pleadings, motions, and briefs – or attachments containing specified types of personally identifying information (PII) such as date of birth, financial account numbers, driver’s license numbers, state-issued personal identification card numbers, or passport numbers. The existing prohibition on filing more than the last four digits of a social security number remains in force. The revised MCR 1.109 calls for parties and their attorneys to redact any PII and to prepare a separate form listing the un-redacted information and reference codes to be used in the public document. That separate form is considered a nonpublic document and is available only to the court, the parties, and other specified persons. Anyone obtaining a copy of a publicly filed document will receive only the redacted copy and not the separate form.
These new rules significantly change the handling of PII in Michigan courts. The inclusion of date of birth as a type of PII is broader than the statutory definition of “personally identifying information” in MCL 445.63(q), as part of the Michigan Identity Theft Protection Act, and broader than the statutory definition of personal information requiring notification following a data breach in MCL 445.63(r) and MCL 445.72. Additionally, by requiring the removal of the entire account number or identification number, the new rules also go beyond the definition of “redact” in the Identity Theft Protection Act, which permits the disclosure of up to four consecutive digits of such numbers. These changes position the Michigan state court system to be far more protective of PII than ever before.
While the protection of PII was broadly applauded by commenters, this expansion has raised concerns of unintended consequences. In particular, comments from companies that provide background check services express warnings that the lack of date of birth information will make it more challenging to confirm that court records relate to particular individuals. The tension between protection of PII and the public’s right of access to court documents will doubtless continue to unfold.
Mike Hindelang is an experienced commercial litigator whose practice has two major components. Mike has significant experience litigating high value cases, especially those with a financial or securities law component. This ...