Michigan lawmakers are considering sweeping updates to the state’s identity theft protection law while also debating whether Michigan will become one of nearly half the states that have passed a consumer privacy law. Fisher Phillips is closely monitoring both SB 359 and SB 360 to prepare businesses for changes that may be on the horizon on both fronts. This Insight explores the current state of Michigan law, the proposed changes being debated, and some steps your business can take to prepare for new potential obligations.
Overview of Senate Bill 359: The Personal Data Privacy Act
The Personal Data Privacy Act, introduced in June 2025, would create Michigan’s first comprehensive consumer privacy framework. We outline the key provisions below.
Applicability Thresholds
Entities covered would be those that conduct business in Michigan or produce products or services that are targeted to residents of Michigan and, during the calendar year, either control or process personal data from over 100,000 consumers or control or process personal data of 25,000 or more consumers and derive any revenue from the sale of personal data. There are also a number of exemptions.
Consumer Rights
If enacted, the law would grant residents new rights to access, correct, delete, and obtain copies of their data. It would also create new rights related to opting out of processing for targeted advertising, the sale of personal data, and profiling.
Notice Requirements
If enacted, the law would require entities subject to the law to provide a notice to consumers explaining the categories of data they collect, the third parties with whom they sell or chare the data, the purpose for collecting the data, and a description of their rights and how to exercise them.