Mississippi joins states with data breach laws
Update 4:10 p.m.: Only four states without laws requiring public notification
April 9, 2010 4:10 p.m.
Mississippi has become the 46th state to approve a law that requires businesses to notify customers when they've had a data breach that compromises customers’ personal information.
Mississippi Gov. Haley Barbour signed the legislation April 7 — although the law won’t become effective until July 2011, according to the Mississippi Press.
When it does take effect, the law will require businesses to notify Mississippi residents any time the residents’ personal information — Social Security number, driver’s license, credit card or other personal identification numbers — is inadvertently released.
The law is not as stringent as in some states, however. For instance, while it requires the businesses to personally notify their customers in some cases — through letter, phone or email — it allows for "alternative means" of notification — such as placing ads in newspapers or posting a notice on the company Web site – in other cases. The alternatives are allowed if notification would cost the business more than $5,000 or the data breach affected more than 5,000 Mississippi residents. Those thresholds are much lower than in most states; many states have thresholds of $250,000 or 250,000 people or more.
The four states now without data breach notification laws are Alabama, Kentucky, New Mexico and South Dakota.
Meanwhile, Washington state has now passed a law that deals with data security in an additional way. The new law encourages financial institutions to comply with data security requirements — or face potential liability if a data breach occurs, according to the Insurance Journal Web site.
The law encourages the re-issuance of credit and debit cards in the case of data breaches, and allows financial institutions to recoup the cost of reissuing cards from any entity that was “negligent in maintaining or transmitting card data” in allowing the data breach.
Mississippi has become the 46th state to approve a law that requires businesses to notify customers when they've had a data breach that compromises customers’ personal information.
Mississippi Gov. Haley Barbour signed the legislation April 7 — although the law won’t become effective until July 2011, according to the Mississippi Press.
When it does take effect, the law will require businesses to notify Mississippi residents any time the residents’ personal information — Social Security number, driver’s license, credit card or other personal identification numbers — is inadvertently released.
The law is not as stringent as in some states, however. For instance, while it requires the businesses to personally notify their customers in some cases — through letter, phone or email — it allows for "alternative means" of notification — such as placing ads in newspapers or posting a notice on the company Web site – in other cases. The alternatives are allowed if notification would cost the business more than $5,000 or the data breach affected more than 5,000 Mississippi residents. Those thresholds are much lower than in most states; many states have thresholds of $250,000 or 250,000 people or more.
The four states now without data breach notification laws are Alabama, Kentucky, New Mexico and South Dakota.
Meanwhile, Washington state has now passed a law that deals with data security in an additional way. The new law encourages financial institutions to comply with data security requirements — or face potential liability if a data breach occurs, according to the Insurance Journal Web site.
The law encourages the re-issuance of credit and debit cards in the case of data breaches, and allows financial institutions to recoup the cost of reissuing cards from any entity that was “negligent in maintaining or transmitting card data” in allowing the data breach.
©2003-2010 Identity Theft 911, LLC. All rights reserved.
