Missouri Privacy Laws

Breach Notification

Mandated Timeframe

Without unreasonable delay

Fines & Penalties

Violations

Up to $150,000 per breach

REGULATION LEVELS

Breach Reporting Consumer Notifications
Vendor Management Vendor Contract Required
LEVEL DESCRIPTION
Minimal Basic Comprehensive Extensive
LAWS RELATED TO PERSONAL INFORMATION
Breach Reporting

Breach Reporting Requirements

Consumer Notification Requirements

Vendor Notification of Breach

Protect Personal Information

Vendor Specific Obligations

Vendor Mandated Contracts

Required Programs

Protection/Security

Employee Training

Vendor Protection/Search Program

Personal Information Protection

Data Disposal of Personal Information

Breach Notification

Mandated Timeframe

Without unreasonable delay

Fines & Penalties

Violations

Up to $150,000 per breach

REGULATION LEVELS

Breach
Reporting
Consumer
Notifications
Vendor
Management
Vendor
Contract Required
LEVEL DESCRIPTION
Minimal Basic Comprehensive Extensive
LAWS RELATED TO PERSONAL INFORMATION
Breach Reporting

Breach Reporting Requirements

Consumer Notification Requirements

Vendor Notification of Breach

Protect Personal Information

Vendor Specific Obligations

Vendor Mandated Contracts

Required Programs

Protection/Security

Employee Training

Vendor Protection/Search Program

Personal Information Protection

Data Disposal of Personal Information

Breach Notification

Mandated Timeframe

Without unreasonable delay

Fines & Penalties

Violations

Up to $150,000 per breach

REGULATION LEVELS

Breach
Reporting
Consumer
Notifications
Vendor
Management
Vendor
Contract Required
LEVEL DESCRIPTION
Minimal Basic Comprehensive Extensive
LAWS RELATED TO PERSONAL INFORMATION
Breach Reporting

Breach Reporting Requirements

Consumer Notification Requirements

Vendor Notification of Breach

Protect Personal Information

Vendor Specific Obligations

Vendor Mandated Contracts

Required Programs

Protection/Security

Employee Training

Vendor Protection/Search Program

Personal Information Protection

Data Disposal of Personal Information

Quick Facts

Missouri Privacy Law Information

  • Fines & Violations

    Organizations may be fined or penalized for Vendor violations. The Attorney General may bring actions against violators with civil penalties up to $150,000 per incident, or a series of incidents discovered within the same investigation of a breach.

  • Vendor/Third Parties

    A vendor discovering a breach or suspected breach must notify the data owner. The organization is responsible for reporting to the regulator and consumer notification. Vendors in the business of destroying records must have measures in place for the destruction of records containing personal information so the records are unreadable or undecipherable. Under Montana’s Consumer Protection law, “an entity that destroys records” is included in the definition of “business”.

  • Breach Reporting

    At the same time as consumer notification, breach reporting must be made to the Attorney General’s Consumer Protection Office. Notifying the Commissioner of Insurance is required in some cases involving insurance-related breaches.

Missouri

Statutes and Laws

MO REV STAT § 161.096

Statewide longitudinal data system, regulation on student data accessibility, transparency, and accountability required – regulation requirements – data not to be reported – rulemaking authority – violation, penalty – attorney general to enforce

MO REV STAT § 407.1355

Social security number, prohibited actions involving

MO REV STAT § 407.430

Citation of law

MO REV STAT § 407.433

Protection of credit card and debit card account numbers, prohibited actions, penalty, exceptions – effective date, applicability

MO REV STAT § 407.434

Counterfeit credit cards, unlawful practices – defrauding issuer – authorization of acquirer.

MO REV STAT § 569.095

Tampering with computer data; penalties