Security Breach Legislation in the State of Mississippi

March 01, 2022 | 4 minutes read
Security Breach Legislation in the State of Mississippi

Miss. Code § 75-24-29 is a security breach notification law that was passed in the U.S. state of Mississippi in 2010 and went into effect the following year. Under Miss. Code § 75-24-29,9individuals, business entities, and organizations are required to provide notice to all affected parties and persons in the event that a security breach takes place. Furthermore, the law also empowers the Mississippi attorney general with the authority to enforce the various provisions set forth in the law. To this point, individuals and businesses that are found to be in violation of Miss. Code § 75-24-29 are subject to numerous penalties and sanctions.

How is a security breach defined under Miss. Code § 75-24-29?

Under Miss. Code § 75-24-29, a security breach is defined as “an unauthorized acquisition of electronic files, media, databases or computerized data containing personal information of any MS resident when access to the PI has not been secured by encryption or by any other method of technology that renders the PI unreadable or unusable.” On the other end of the spectrum, as it concerns the scope and application of the law, Miss. Code § 75-24-29 applies to “any person who conducts business in MS and who, in the ordinary course of the person’s business functions, owns, licenses, or maintains the PI of any MS resident.”

What are the data breach notification requirements under Miss. Code § 75-24-29?

Much like other security breach notification laws around the country, Miss. Code § 75-24-29 mandates that business entities and organizations within the state notify all affected individuals and parties whenever a security breach occurs, in the most expedient manner possible. These notifications may be provided to consumers in writing, by telephone, or via email communication, and must provide all affected individuals with information about the scope and severity of the security breach, as well as any steps that the affected entity took to restore the reasonable integrity of their data system, among other pertinent details. Alternatively, business entities may also provide affected individuals with substitute security breach notifications, albeit under certain circumstances.

Under Miss. Code § 75-24-29, a business entity or organization within the state of Mississippi may provide substitute security breach notifications to affected individuals, if the following criteria is met:

What categories of personal information are protected under Miss. Code § 75-24-29?

Under Miss. Code § 75-24-29, the following types of personal information are covered in the event that a security breach takes place, in combination with a Mississippi resident’s first and last name or first initial and last name, in instances where these data elements have neither been encrypted nor redacted:

In terms of the enforcement of Miss. Code § 75-24-29, the provisions set forth in the law are enforced by the Mississippi attorney general. As such, the Mississippi attorney general has the authority to impose a number of sanctions and penalties against business entities and organizations within the state that are found to be in violation of the law. What’s more, violations of Miss. Code § 75-24-29 are also considered to be unfair or deceptive practices under other applicable legislation within the state. As such, violators of Miss. Code § 75-24-29 also face additional penalties in accordance with such legislation.

Through the legal framework established in Miss. Code § 75-24-29, residents of the state of Mississippi have the means to seek justice and compensation in the event that their personal information is illegally compromised following a security breach. As such occurrences will only grow in frequency due to the prevalent nature of online communication and commerce, legislation such as Miss. Code § 75-24-29 ensures that citizens of the U.S. can protect themselves from the various adverse consequences that can result from being involved in a security breach. In lieu of a comprehensive data protection and privacy law at the federal level, states around the country must consider whether the data breach protection legislation within the state is truly providing residents with an effective level of protection and coverage.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »