Missouri
| Missouri Revised Statute: § 407.1500 | |
|---|---|
| CITATION | Mo. Rev. Stat. § 407.1500 |
| ENACTED | 2009 |
| SUMMARY | The law requires any person that owns or licenses personal information of residents of Missouri or any person that conducts business in Missouri that owns or licenses personal information in any form of a resident of Missouri shall provide notice to the affected consumer that there has been a breach of security following discovery or notification of the breach. |
| DATA COVERED |
The law applies to ‘Personal Information’ which is defined as an individual’s first name or first initial and last name in combination with any one or more of the following data elements that relate to the individual if any of the data elements are not encrypted, redacted, or otherwise altered by any method or technology in such a manner that the name or data elements are unreadable or unusable:
|
| INDUSTRY | The law is applicable to any person that owns or licenses personal information of residents of Missouri or any person that conducts business in Missouri that owns or licenses personal information in any form of a resident of Missouri. |
| PENALTIES | The Attorney General has the exclusive authority to bring an action to obtain actual damages for a willful and knowing violation. The Attorney General may also seek a civil penalty not to exceed one hundred fifty thousand dollars ($150,000) per breach or of the security of the system or series of breaches of a similar nature that are discovered in a single investigation. |
