Missouri has become the most recent state to legislate heavy civil penalties on companies that fail to protect consumer data. House Bill 62, which takes effect August 28, 2009 is the latest in a patchwork of industry regulations covering forty five states and the federal government.
Among the provisions are requirements that companies and organizations must alert affected individuals and the Attorney General immediately after discovering a security breach, cooperate with law enforcement and notify the attorney general’s office if the breach affects more than 1,000 individuals at a time.
The new law has broadly defined personal information to include not just financial information or Social Security numbers, in combination with names, but also any unique electronic identifier or medical information. The companies must share the details of the breach with customers, describe what was lost and provide means of protection. Violators can face civil penalties of as much as $150,000 a breach.
Read more details about Missouri House Bill 62 here.
