On April 7, 2010, Mississippi became the 46th state in the U.S. to enact breach notification legislation when the governor signed H.B. 583. The Mississippi House passed the legislation in January, and the Mississippi Senate amended and passed a version of H.B. 583 in March. The legislation covers businesses holding the personal information of Mississippi residents.
For a copy of Mississippi H.B. 583, click here.
The “personal information” covered by H.B. 583 includes the same categories as California's SB 1386 – name in combination with a driver’s license number, Social Security number, or account number together with an access code. H.B. 583 § 1(2)(b) (2010). Business would have to notify Mississippi residents if a security breach involved unauthorized access to their personal information. Id. § 1(3). No notification would be necessary if, following an appropriate investigation, the business “reasonably determines that the breach will not likely result in harm to the affected individuals.” Id.
A business that maintains, but does not own, personal information has an obligation to notify the data owner or licensee if there is a breach, but not the affected individuals directly. Id. § 1(4). The owner or licensee, then, would have the obligation to notify the affected individuals. The data owner or licensee may delay notification during a criminal investigation. Id. § 1(5).
The Attorney General would have the authority to enforce the law. The bill calls a failure to comply with the requirements an “unfair trade practice.” Id. § 1(8). The law does not include a private right of action. Id.
H.B. 583 takes effect on July 1, 2011.