Archive for April, 2010

Social Website “Blippy” Posts User Credit Cards Online

Saturday, April 24th, 2010

The social website Blippy, which allows users to share information about when and where they make purchases, is posing a data security risk to users after it was revealed Friday that user credit card numbers are appearing online.

VentureBeat first noticed the glitch and reported that credit card numbers appeared in some 130 Google search results, Mashable and CNET report. To date, Blippy has not responded to inquiries regarding this privacy breach. To see the ABA Journal article regarding this security glitch, click here.

For a New York Times article regarding the trend of oversharing of personal information on the web, click here.

For users of Blippy and other applications that share personal information, there is clearly a risk of someone misusing the credit card numbers or other personal information that you are publicly providing. So before you share, consider holding back, so that you do not provide too much information and have it fall into the wrong hands.

Mississippi Is Latest State to Enact Data Privacy Law

Thursday, April 22nd, 2010

On April 7, 2010, Mississippi enacted H.B. 583, making Mississippi the forty-sixth state with a data security breach notification law on the books.

The law, which goes into effect on July 1, 2011, requires any person who conducts business in Mississippi and who, in the ordinary course of the person’s business functions, owns, licenses or maintains personal information of any Mississippi resident to notify certain individuals when the security of their unencrypted personal information may be at risk.

The language of this law is consistent with that of other states’ data privacy laws in most respects. The one significant difference is that this law requires that notice of a breach be provided only to “affected individuals,” which the statute defines to mean residents of Mississippi whose “personal information was, or is reasonably believed to have been, intentionally acquired by an unauthorized person through a breach of security.” As drafted, this limitation could excuse providing notice when electronic storage devices containing personal information are lost or accidentally sent to the wrong person.

This law does not require that notification be provided if, after an investigation, it is determined that the security breach “will not likely result in harm to the affected individuals.”

Failure to comply with the law is deemed to constitute an unfair trade practice, but the right to enforce the law lies only with the Attorney General. The law does not permit a private right of action.

To see the full text of the new law, click here.