Security Breach Legislation in the State of Mississippi

Miss. Code § 75-24-29 is a security breach notification law that was passed in the U.S. state of Mississippi in 2010 and went into effect the following year. Under Miss. Code § 75-24-29,9individuals, business entities, and organizations are required to provide notice to all affected parties and persons in the event that a security breach takes place. Furthermore, the law also empowers the Mississippi attorney general with the authority to enforce the various provisions set forth in the law. To this point, individuals and businesses that are found to be in violation of Miss. Code § 75-24-29 are subject to numerous penalties and sanctions.

How is a security breach defined under Miss. Code § 75-24-29?

Under Miss. Code § 75-24-29, a security breach is defined as “an unauthorized acquisition of electronic files, media, databases or computerized data containing personal information of any MS resident when access to the PI has not been secured by encryption or by any other method of technology that renders the PI unreadable or unusable.” On the other end of the spectrum, as it concerns the scope and application of the law, Miss. Code § 75-24-29 applies to “any person who conducts business in MS and who, in the ordinary course of the person’s business functions, owns, licenses, or maintains the PI of any MS resident.”

What are the data breach notification requirements under Miss. Code § 75-24-29?

Much like other security breach notification laws around the country, Miss. Code § 75-24-29 mandates that business entities and organizations within the state notify all affected individuals and parties whenever a security breach occurs, in the most expedient manner possible. These notifications may be provided to consumers in writing, by telephone, or via email communication, and must provide all affected individuals with information about the scope and severity of the security breach, as well as any steps that the affected entity took to restore the reasonable integrity of their data system, among other pertinent details. Alternatively, business entities may also provide affected individuals with substitute security breach notifications, albeit under certain circumstances.

Under Miss. Code § 75-24-29, a business entity or organization within the state of Mississippi may provide substitute security breach notifications to affected individuals, if the following criteria is met:

• The cost of providing Georgia residents with standard data breach notifications would exceed $5,000.
• The class of affected residents is more than 5000.
• The affected entity does not have sufficient contact information concerning the residents that were affected by the breach.

What categories of personal information are protected under Miss. Code § 75-24-29?

Under Miss. Code § 75-24-29, the following types of personal information are covered in the event that a security breach takes place, in combination with a Mississippi resident’s first and last name or first initial and last name, in instances where these data elements have neither been encrypted nor redacted:

• Social security numbers.
• Drivers license number and state identification card numbers.
• Bank account numbers.
• Credit and debit card numbers, as well as any associated passwords, access codes, or security codes that could be
• used to grant access to an individual’s financial account.

In terms of the enforcement of Miss. Code § 75-24-29, the provisions set forth in the law are enforced by the Mississippi attorney general. As such, the Mississippi attorney general has the authority to impose a number of sanctions and penalties against business entities and organizations within the state that are found to be in violation of the law. What’s more, violations of Miss. Code § 75-24-29 are also considered to be unfair or deceptive practices under other applicable legislation within the state. As such, violators of Miss. Code § 75-24-29 also face additional penalties in accordance with such legislation.

Through the legal framework established in Miss. Code § 75-24-29, residents of the state of Mississippi have the means to seek justice and compensation in the event that their personal information is illegally compromised following a security breach. As such occurrences will only grow in frequency due to the prevalent nature of online communication and commerce, legislation such as Miss. Code § 75-24-29 ensures that citizens of the U.S. can protect themselves from the various adverse consequences that can result from being involved in a security breach. In lieu of a comprehensive data protection and privacy law at the federal level, states around the country must consider whether the data breach protection legislation within the state is truly providing residents with an effective level of protection and coverage.