Mississippi Code § 75-24-29
Enacted: 7.1.2011
Type of Data Covered: Computerized or electronic data.
Is Breach Defined?
"Breach of security" means unauthorized acquisition of electronic files, media, databases or computerized data containing personal information of any resident of this state when access to the personal information has not been secured by encryption or by any other method or technology that renders the personal information unreadable or unusable
When is notice required?
Notice is required for all affected residents and must be delivered "without unreasonable delay, subject to the provisions of subsections (4) and (5) of this section and the completion of an investigation by the person to determine the nature and scope of the incident, to identify the affected individuals, or to restore the reasonable integrity of the data system. Notification shall not be required if, after an appropriate investigation, the person reasonably determines that the breach will not likely result in harm to the affected individuals." See §75-24-29(3). Sections 4 and 5 mentioned in the statute excerpt deal with companies who maintain personal information, who must notify the owner, and law enforcement delays, respectively. Written, telephonic, electronic, and substitute notice are permissible, depending on circumstances. There is no reporting requirement to consumer reporting agencies and the content of the notice is not specified.
What are the penalties for non-compliance?
Violations have their own section of the law, § 75-24-29(8), which reads as follows:
"Failure to comply with the requirements of this section shall constitute an unfair trade practice and shall be enforced by the Attorney General; however, nothing in this section may be construed to create a private right of action."