Mississippi this week became the 46th state to pass legislation requiring businesses and government agencies to immediately notify people when their personal information has been compromised by either an accidental or deliberate data breach.
House Bill 583, which was signed into law this week by Gov. Haley Barbour, goes into effect on July 1 and requires “any person who conducts business” in the state to disclose any breach to all affected individuals without unreasonable delay.
It further compels organizations to alert appropriate law enforcement agencies of the data breach and to initiate their own internal investigations to determine both the scope and nature of the incident.
With Mississippi now on board, only Alabama, Kentucky, New Mexico and South Dakota have yet to adopt data breach notification statutes to protect consumers from what’s become an almost weekly occurrence.
Unlike California, which has passed the most precise and demanding data breach notification bill in the country, Mississippi’s new law does allow companies to, after reasonable investigation, forego notification if they can prove that the breach will not likely result in harm to the affected individual.
The law makes it clear that any exposure of certain data, including social security numbers, driver’s license or state identification numbers, or any credit or debit card account information, must be immediately reported to the affected individuals.
The legislation represents the latest attempt by state legislators to fight cybercrime and hold individual companies and organizations to a higher level of responsibility for safeguarding consumer data.
Earlier this month, the state of Washington joined Minnesota and Nevada in passing legislation that would allow banks to recover certain costs and damages from retailers and credit card processors who have yet to comply with current Payment Card Industry (PCI) security standards.