With Mississippi enacting its own data breach notification law on April 7, Alabama, Kentucky, New Mexico, and South Dakota remain the only states without such a law. Mississippi Gov. Haley Barbour signed H.B. 583 making his state the 46th to enact a breach notification law. The law becomes effective July 1, 2011.
Like many breach notification statutes:
- the notification obligation falls on any business in the state which owns or licenses personal information,
- personal information generally includes name plus either Social Security number, drivers license number, or financial account number,
- encrypted personal information is not subject to the breach notification requirement, and
- the notification obligation applies only when there is a risk of harm to affected state resident in connection with a breach of security.
The law will be enforced by Mississippi’s Attorney General, however, the law prohibits individuals from commencing a privacy lawsuit under the new law.