On April 7, 2010, Mississippi enacted H.B. 583, making Mississippi state the forty-sixth state with a data security breach notification law on the books.

The law, which goes into effect on July 1, 2011, requires that any person who conducts business in Mississippi and who, in the ordinary course of the person’s business, functions, owns, licenses or maintains personal information of any Mississippi resident to notify certain individuals when the security of their unencrypted personal information may be at risk.

The language of this law is consistent with that of other states’ data privacy laws in most respects. The one significant difference is that this law requires that notice of a breach only be provided to “affected individuals,” which are defined by the statute to mean residents of Mississippi whose “personal information was, or is reasonably believed to have been, intentionally acquired by an unauthorized person through a breach of security.” As drafted, this limitation could excuse providing notice when electronic storage devices containing personal information is lost or accidentally sent to the wrong person.

This law does not require notification be provided if, after an investigation, that the security breach “will not likely result in harm to the affected individuals.”

Failure to comply with the law is deemed to constitute an unfair trade practice, but the right to enforce the law lies only with the Attorney General. The law does not permit a private right of action.

To see a full text of the new law, click here.

This entry was posted on Thursday, April 22nd, 2010 at 5:54 am by Nancy Cremins and is filed under Laws. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.