Michigan Laws 205.827 – Personal identifiable information
Current as of: 2024 | Check for updates
|
Other versions
(1) Except as provided in subsection (3), a certified service provider shall not retain or disclose the personally identifiable information of consumers. A certified service provider’s system shall be designed and tested to assure the privacy of consumers by protecting their anonymity.
(2) A certified service provider shall provide clear and conspicuous notice of its information practices to consumers, including, but not limited to, what information it collects, how it collects the information, how it uses the information, how long it retains the information, and whether it discloses the information to member states.
Terms Used In Michigan Laws 205.827
- Agreement: means the streamlined sales and use tax agreement. See Michigan Laws 205.803
- Certified service provider: means an agent certified under the agreement to perform all of the seller's sales and use tax functions, other than the seller's obligation to remit tax on its own purchases. See Michigan Laws 205.803
- Department: means the department of treasury. See Michigan Laws 205.803
- Freedom of Information Act: A federal law that mandates that all the records created and kept by federal agencies in the executive branch of government must be open for public inspection and copying. The only exceptions are those records that fall into one of nine exempted categories listed in the statute. Source: OCC
- Member state: means a state that has entered into the agreement. See Michigan Laws 205.803
- Person: means an individual, trust, estate, fiduciary, partnership, limited liability company, limited liability partnership, corporation, or any other legal entity. See Michigan Laws 205.803
- State: means any state of the United States or the District of Columbia. See Michigan Laws 205.803
(3) A certified service provider’s retention or disclosure to member states of personally identifiable information is limited to that required to ensure the validity of exemptions claimed because of a consumer’s status or intended use of the goods or services purchased.
(4) A certified service provider shall provide the necessary technical, physical, and administrative safeguards to protect personally identifiable information from unauthorized access and disclosure.
(5) This privacy policy is subject to enforcement by the attorney general.
(6) If personally identifiable information is retained by this state for the purpose of subsection (3), in the absence of exigent circumstances, a person shall be afforded reasonable access to their own data, with a right to correct inaccurately recorded data.
(7) The agreement does not enlarge or limit this state’s authority to do any of the following:
(a) Conduct audits or other reviews as provided under the agreement or this state’s law.
(b) Provide records pursuant to this state’s freedom of information act, disclosure laws with governmental agencies, or other regulations.
(c) Prevent, consistent with this state’s law, disclosures of confidential taxpayer information.
(d) Prevent, consistent with federal law, disclosures or misuse of federal return information obtained under a disclosure agreement with the internal revenue service.
(e) Collect, disclose, disseminate, or otherwise use anonymous data for governmental purposes.
(8) The department shall publish on the department’s website this state’s policy relating to the collection, use, and retention of personally identifiable information obtained from a certified service provider under subsection (3).
(9) The department shall destroy personally identifiable information obtained from a certified service provider when the information is no longer required for purposes under subsection (3).
(10) If a person other than a member state or person authorized by a member state’s law or the agreement seeks to discover personally identifiable information about an individual from this state, the department shall make a reasonable and timely effort to notify that individual of the request.
(11) As used in this section, “personally identifiable information” means information that identifies a specific person.