The Michigan Data Destruction Statute § 445.72a (the “Statute”) is a state statutory law that establishes a data disposal standard for the destruction of personal information about Michigan residents. The Statute also criminalizes the knowing violation of the Statute as a misdemeanor.

Applicability

The Statute applies to persons or agencies that maintain a database of personal information and that remove data from the database without retaining a copy anywhere else. A person or agency that is in compliance with federal laws, that concern data destruction standards, is considered in compliance with the Statute.

Requirements

Covered entities are required to destroy personal information by shredding, erasing, or otherwise modifying the data so that they cannot be read, deciphered, or reconstructed through generally available means.

Enforcement & Liability

The Attorney General of Michigan is authorized to enforce compliance with the Statute. A prosecuting attorney may prosecute criminal offenses.

Penalties

A person found guilty of knowingly violating the Statute may be subject to a fine of $250 for each violation.