Mississippi
Quick Facts
Breach Based on Harm Threshold: Yes
Deadline for Consumer Notice: Without unreasonable delay
Government Notification Required: No
Scope of this Summary:
Notification requirements applicable to persons who conduct business in Mississippi and who, in the ordinary course of business, own, license, or maintain covered info. Some types of businesses may be exempt from some or all of these requirements, and non-commercial entities may be subject to different requirements.
Risk of Harm Threshold
Notice is not required if, after an appropriate investigation, the entity reasonably determines that the breach is not likely to result in harm to the affected individuals
Breach Defined
Unauthorized acquisition of electronic files, media, databases or computerized data containing personal information of any resident of Mississippi when access to the personal information has not been secured by encryption or by any other method or technology that renders the personal information unreadable or unusable.
Encryption Safe Harbor
Statute does not apply to information that is secured by encryption or any other method or technology that renders the covered info unreadable or unusable.
Form of Covered Information
Electronic Only
Covered Information
An individual's first name or first initial and last name in combination with any one or more of the following data elements:
- Social security number.
- Driver's license number or state identification card number.
- An account number or credit or debit card number in combination with any required security code, access code or password that would permit access to an individual's financial account.
Consumer Notice Timing
Must be made without unreasonable delay, subject to the completion of an investigation to determine the nature and scope of the breach or to restore the reasonable integrity of the system.
Consumer Notice Method
By written notice, telephone notice, or electronic notice (if that is the primary means of communication with the affected resident or if it is consistent with E-SIGN). Substitute notice is available if certain criteria are satisfied.
Consumer Notice Content
Content requirements are not specified.
Delayed Notice
Notification may be delayed for a reasonable period of time if law enforcement determines that notification will impede a criminal investigation or national security and agency has requested that the notification be delayed.
Government Notice
The Mississippi general breach notification statute does not require notice to any governmental or regulatory agencies
Consumer Reporting Agency Notice
The Mississippi general breach notification statute does not require notice to the credit reporting agencies.
Exceptions for Other Laws
Security breach procedures pursuant to the rules, regulations, procedures, or guidelines established by its primary or functional federal regulator.
Third-Party Notice
If you conduct business in Mississippi and maintain covered info on behalf of another entity, you must notify it as soon as practicable following discovery of a breach if the covered info was or is reasonably believed to have been acquired by an unauthorized person for fraudulent purposes.
Private Right of Action
The Mississippi general data breach notification statute does provide for a private right of action.
Potential Penalties
Violations may result in civil or criminal penalties.
This summary is for informational purposes only. It provides general information and not legal advice or opinions regarding specific facts. Additional requirements or conditions may apply to any or all provisions referenced herein. For more information about the state data breach notification laws or other data security matters, please seek the advice of counsel.
Last revised on June 15, 2023