Data Privacy Regulations

Terms of Use

This summary of regulations is provided for information purposes only.
No action based on this summary alone should be undertaken.
Each individual or entity must obtain appropriate guidance for its specific circumstances.

MISSISSIPPI DATA PRIVACY REGULATIONS

Did You Know?

 
  • Limited methods of notification delivery
  • Data owners are responsible for breach reporting and notifications
  • Laws cover PII data protection
  • Other state laws, federal laws, industry regulations, and/or out-of-country laws may apply 

Who Me?

 

Mississippi breach and notification laws may apply if you:

  • Are any person conducting business in MS and owns, licenses or maintains PII of an MS resident
  • Are any person conducting business in MS that maintains computerized PII but does not own or license it

 There are exemptions.

What is PII?

 

PII relevant to a breach in Mississippi include a person's name plus one or more of the following:

  • Social Security Number
  • Driver license or state identification number
  • Account number or credit  or debit card number in combination any security code, access code or password, etc. permitting access to the person's account

LAWS

APPLICABLE LAW

A few applicable statutes include, but are not limited to:

Title 75 Regulation Of Trade, Commerce And Investments / Chapter 24 Regulation Of Business For Consumer Protection / General Provisions / 75-24-3 and 75-24-29

RELATED LAWS

A relevant statute includes, but is not limited to:

Title 75 Regulation Of Trade, Commerce And Investments / Chapter 24 Regulation Of Business For Consumer Protection / § 75-24-231. Credit card processing hardware and software required to meet requirements of federal law.

PENALTIES

COMPLIANCE PENALTIES

Failure to comply with the requirements constitutes an unfair trade practice enforced by the attorney general. There is no private right of action.

BREACH REPORTING

MULTIPLE FACTORS TO CONSIDER

When considering reporting requirements, it would include, but not limited to:

  • The combination of personal information breached
  • If the data was secured
  • Whether any kind of key or cipher was accessed
  • If a security key or password was accessed
  • If the breach will result in harm to the affected individuals

TIME LIMITS

The notification may be delayed if law enforcement indicates the notification may interfere with an investigation, otherwise, notification is required without unreasonable delay.

CONSUMER NOTIFICATION

Requires detailed information and potential provision of services

The notification may only be provided in a written notice, by telephone, or sent electronically if it is the person's primary means of communication or consistent with 15 USCS 7001.

A substitute notice, with specific instructions, can be sent if the business demonstrates that the cost of providing the notice would exceed $5,000 or the persons to be notified exceeds 5,000, or they do not have sufficient contact information.

Contact the Privacy Experts at CSR