Michigan Data Breach Notification Package
(Comprehensive Template – Ready for Attorney Customization)
[// GUIDANCE: This package contains three coordinated templates:
(A) Attorney General Notification Letter
(B) Consumer Notification Letter
(C) Nationwide Consumer Reporting Agency Notification (use only if ≥1,000 Michigan residents are being notified in a single 24-hour period).
All templates embed the statutory content requirements of the Michigan Identity Theft Protection Act (“ITPA”), Mich. Comp. Laws Ann. § 445.72, and follow best-practice drafting conventions. Replace every bracketed placeholder before release.]
TABLE OF CONTENTS
- Definitions & Global Placeholders
- Template A – Attorney General Notification Letter
- Template B – Consumer Notification Letter
- Template C – CRA Notification Letter (Optional)
1. DEFINITIONS & GLOBAL PLACEHOLDERS
[// GUIDANCE: Populate once; the values feed every template.]
• “Company” = [LEGAL NAME OF DATA OWNER/SENDER]
• “Incident” = [VERY BRIEF NAME, e.g., “April 2025 Network Intrusion”]
• “Discovery Date” = [MM/DD/YYYY on which breach was first confirmed]
• “Incident Window” = [Approx. start–end dates of unauthorized access]
• “Notification Date” = [MM/DD/YYYY when letters will be mailed/emailed]
• “PII Types” = [List of personal information elements involved]
• “Impacted MI Residents” = [Exact # of Michigan residents]
• “Total Individuals” = [Total # of all individuals, all states, if > MI]
• “Law Enforcement Hold?” = [Yes/No – attach written request if Yes]
• “Toll-Free Support Line” = [(XXX) XXX-XXXX / hours]
• “Credit Monitoring Vendor” = [NAME] (if offering)
• “Contact Person” = [NAME, TITLE, EMAIL, DIRECT PHONE]
2. TEMPLATE A – ATTORNEY GENERAL NOTIFICATION LETTER
[LETTERHEAD OF COMPANY]
[Date]
The Honorable [NAME]
Michigan Attorney General
G. Mennen Williams Building, 7th Floor
525 W. Ottawa Street
P.O. Box 30212
Lansing, MI 48909
Re: Data Security Incident Notice — Mich. Comp. Laws Ann. § 445.72
Dear Attorney General [LAST NAME]:
Introduction
Pursuant to the Michigan Identity Theft Protection Act (“ITPA”), Mich. Comp. Laws Ann. § 445.72, Company hereby provides formal notice of a breach of security involving the personal information of Michigan residents.
Incident Summary
a. Incident Name: “[Incident]”
b. Incident Window: [Incident Window]
c. Discovery Date: [Discovery Date]
d. Description (general, non-technical):
[High-level narrative of how unauthorized acquisition occurred, omitting sensitive system details.]
Scope of Impact
• Michigan residents affected: [Impacted MI Residents]
• Total individuals nationwide: [Total Individuals]
Personal Information Involved
The Incident involved unauthorized acquisition of one or more of the following data elements (unencrypted or unredacted):
– [PII Types]
Notification & Timing Compliance
Company will issue consumer notices on or about [Notification Date], which is within the 45-day statutory period, absent any certified law-enforcement delay.
[If delay: “Pursuant to written request from [Agency], enclosed as Exhibit A, consumer notice has been delayed until the conclusion of the investigative hold.”]
Method of Consumer Notice
– First-class U.S. mail to last known mailing address, or
– Email notice (where resident has expressly consented), or
– Substitute notice in accordance with § 445.72(4) (attach form).
Remedial Measures
• Immediate containment and eradication measures completed on [MM/DD/YYYY].
• Mandatory password resets and multi-factor authentication deployed.
• Complimentary [X]-month credit monitoring/identity-theft protection through [Credit Monitoring Vendor].
• Dedicated toll-free hotline: [Toll-Free Support Line].
Contact for Follow-Up
Direct any questions to:
[Contact Person]
Respectfully submitted,
[NAME]
[TITLE]
[Company]
3. TEMPLATE B – CONSUMER NOTIFICATION LETTER
[LETTERHEAD OF COMPANY]
[Date]
[First Name Last Name]
[Street Address]
[City, State ZIP]
Re: Notice of Data Security Incident
Dear [First Name]:
What Happened
On [Discovery Date], we confirmed that unauthorized actors gained access to certain Company systems between [Incident Window]. We immediately secured our environment, initiated an investigation with leading cybersecurity specialists, and notified law enforcement.
What Information Was Involved
The incident involved your [plain-language list of “PII Types”] (“Personal Information”). We have no evidence of fraud or identity theft arising from this Incident at this time.
What We Are Doing
• Enhanced security: [brief bullet list].
• Complimentary identity-protection services: We are offering you [X] months of credit monitoring and identity-theft restoration services at no cost through [Credit Monitoring Vendor]. Your activation code and instructions are enclosed in Attachment A.
• Toll-free assistance: [Toll-Free Support Line] (Monday-Friday, 8 a.m.-8 p.m. ET).
What You Can Do
We encourage you to remain vigilant by reviewing account statements and monitoring free credit reports. Please refer to Attachment B for additional steps—including placing a fraud alert or security freeze—along with contact information for the three nationwide consumer reporting agencies and the Federal Trade Commission.
For More Information
If you have questions, please call [Toll-Free Support Line] or email [Contact Person Email].
We regret any concern this may cause and remain committed to safeguarding your information.
Sincerely,
[NAME]
[TITLE]
[Company]
Attachment A – Enroll in Complimentary Credit Monitoring
[Detailed, vendor-supplied instructions and activation code]
Attachment B – Additional Resources
Fraud Alerts & Security Freezes
• Equifax P.O. Box 105139, Atlanta, GA 30348 | 1-888-766-0008 | www.equifax.com
• Experian P.O. Box 9554, Allen, TX 75013 | 1-888-397-3742 | www.experian.com
• TransUnion P.O. Box 2000, Chester, PA 19016 | 1-800-680-7289 | www.transunion.com
Federal Trade Commission (“FTC”)
600 Pennsylvania Avenue NW, Washington, DC 20580
1-877-438-4338 | www.identitytheft.gov
Obtain Free Credit Reports
Visit www.annualcreditreport.com or call 1-877-322-8228.
4. TEMPLATE C – CONSUMER REPORTING AGENCY (“CRA”) NOTICE
(Use only if ≥1,000 Michigan residents are notified in a 24-hour period, per Mich. Comp. Laws Ann. § 445.72(8).)
[LETTERHEAD OF COMPANY]
[Date]
[VIA CERTIFIED MAIL / EMAIL]
[CRA Name]
[CRA Address]
Re: Notice of Data Breach Affecting [Total Individuals] Consumers
To Whom It May Concern:
Pursuant to Mich. Comp. Laws Ann. § 445.72(8), Company provides notice that on [Notification Date] it is issuing breach notifications to approximately [Total Individuals] individuals, of which [Impacted MI Residents] are Michigan residents. The enclosed spreadsheet lists resident-level data fields required by your intake protocol.
Please contact [Contact Person] with any questions.
Sincerely,
[NAME]
[TITLE]
[Company]