Mississippi
Click here to review text of state statute (see Miss. Code, Title 75, § 75-24-29). For specific rules applicable to the insurance industry click here (See Miss. Code. Ann. tit. 83 ch 5 art. 11 §§801 et seq.) |
Information Covered / Important Definitions
Information covered:
Personal information of a Mississippi resident. Definition also includes tribal identification card numbers.
Important definitions:
“Security Breach” means unauthorized acquisition of electronic files, media, databases or computerized data containing personal information of any Mississippi resident when access to the personal information has not been secured by encryption or by any other method of technology that renders the personal information unreadable or unusable.
Covered Entities* / Third Party Recipients
Subject to statute:
Any person who conducts business in Mississippi and who, in the ordinary course of the person’s business functions, owns license or maintains personal information of any Mississippi resident.
Third party recipients:
A person that conducts business in Mississippi that maintains computerized data that includes personal information that the person does not own must notify the owner or licensee of the information of any security breach as soon as practicable following discovery if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person for fraudulent purposes.
Notice Procedures & Timing / Other Obligations
Written, electronic or telephonic notice must be provided to victims of a security breach without unreasonable delay following completion of an investigation, unless a law enforcement agency determines that notice will impede a criminal investigation (in which case notification is delayed until authorized by law enforcement).
- Substitute notice by means prescribed in the statute if costs to exceed $5,000, affected class exceeds 5,000 persons, or covered entity has insufficient contact information.
- Notice not required if, after an appropriate investigation, the person reasonably determines that the breach will not likely result in harm to the affected individuals.
Encryption Safe Harbor / Other Exemptions
Encryption Safe Harbor:
Statute not applicable if the personal data that was lost, stolen or accessed by an unauthorized individual is encrypted or otherwise rendered unreadable or unusable.
Notification to Regulator / Waiver
A determination of no likelihood of harm:
Does not require notification to Attorney General.
Penalties
Failure to comply is a violation of state’s unfair trade practice.
Private Cause of Action / Enforcement
Private Cause of Action: No.
Enforcement by attorney general only.
* Note: Please refer to individual state statutes for a complete list of covered entities as the list of legal and commercial entities described in this chart as “subject to statute” in most cases is not exhaustive. Please also note that rules applicable to state agencies, government bodies and other public institutions are not discussed in this chart.
Click here to review text of state statute (see Miss. Code, Title 75, § 75-24-29). |