On April 7, 2010, Mississippi became the 46th state to enact a data security breach notification law. The law, which will take effect July 1, 2011, applies to the unauthorized acquisition of unencrypted electronic files, media, databases or computerized data containing personal information of any Mississippi resident. The law contains a harm threshold specifying that notification is not required if it can be reasonably determined that the breach will not likely result in harm to affected individuals. The enactment of this law leaves Alabama, Kentucky, New Mexico and South Dakota as the only remaining states without a legal requirement to notify affected individuals in the event of a breach.
Our last update on state breach notification laws was in August, 2009, when we reported on Missouri’s enactment of a similar statute.