Mandated Timeframe for Breach Reporting and/or Consumer Notification
Without unreasonable delay
Laws related specifically to personal information
Breach Reporting & Consumer Notification
Protect Personal Information
Program for Protection/Security
Third Party: Specific Obligations
Third Party: Mandated Contracts
Requests for Information
Fines & Penalties
Violations of breach and notification laws
up to $150,000 per breach
Third Party Management
None to minimal
There are specific considerations when determining if a breach is reportable.
Reporting to the consumer reporting agencies may be required.
If more than 1,000 residents are required to receive notifications, the incident must also be reported to the Attorney General and all consumer reporting agencies with specific information.
If a vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notification, but the vendor is still required to cooperate.
If your breach affects residents in other states, you will need to notify those residents using those states’ rules.
STatutes and LAWS
MO Rev Stat § 407.1500 Definitions; Notice to Consumer for Breach of Security; Procedure–Attorney General may bring action for damages
MO Rev Stat § 407.430-407.436 Credit User Protection Law
MO Rev Stat § 407.1355 Social Security Number, Prohibited actions involving
MO Rev Stat § 569.095 Tampering with computer data; Penalties
MO Rev Stat § 161.096 Statewide longitudinal data system, Regulation on Student Data accessibility, transparency, and accountability required — Regulation Requirements — Data not to be reported — Rulemaking authority — Violation, penalty — Attorney General to enforce