The State of Missouri recently enacted a Data Breach Notification Law that requires businesses to notify individuals whose personal information may have been disclosed or compromised. Examples of triggering events include a lost computer or file, an unauthorized posting to public forum, or even criminal action such as access by a "hacker" or theft of a company computer.
The new law goes into effect on August 28, 2009.
The new Missouri Data Breach Notification Law applies to the disclosure of these categories of personal information among others:
- Social Security numbers
- driver's license numbers
- information that could be used to access an individual's financial accounts
Unlike the Data Breach Notification Laws of many other states, the Missouri law also applies to medical and health insurance information, including an individual's medical history, mental or physical condition, treatment or diagnosis, health insurance policy number, and any other unique identifier used by a health insurer.
We believe that it is important for our clients to note that the law applies to the personal information of customers as well as employees. The goal of the new Missouri law is to help individuals protect themselves against identity theft and account fraud that can happen after an information security breach. The duties and obligations of the business with respect to a possible data security breach incident will apply to all individuals -- whether customer or employee.
The new Missouri law also requires notice to the Missouri Attorney General and national consumer reporting agencies if more than 1,000 Missouri residents must be notified. The Missouri law allows the Attorney General to seek actual damages or civil penalties for non-compliance and failure to notify.
The Missouri law does not require these procedures for each and every disclosure or compromise of personal information. For more information on compliance with the Missouri Data Breach Notification Law and measures that you can take to prevent Data Breach incidents including HR trainings and security measures, please contact your Husch Blackwell Sanders attorney.
Husch Blackwell Sanders LLP regularly publishes updates on industry trends and new developments in the law for our clients and friends. Please contact us if you would like to receive updates and newsletters, or request a printed copy.
Husch Blackwell Sanders encourages you to reprint this material. Please include the statement, "Reprinted with permission from Husch Blackwell Sanders, copyright 2010, www.huschblackwell.com." at the end of any reprints. Please also email [email protected] to tell us of your reprint.
This information is intended only to provide general information in summary form on legal and business topics of the day. The contents hereof do not constitute legal advice and should not be relied on as such. Specific legal advice should be sought in particular matters.