|
SB 245 - This act requires entities that handle personal information relating to Missouri residents to notify the affected individuals if the entity discovers that security of the personal information has been breached. The notification must be made without unreasonable delay, but may be delayed by a law enforcement agency if the notification would compromise an investigation. Notification to affected individuals of a breach may be made in writing or via e-mail. In cases when the cost of notifying all the affected persons would exceed $250,000, when there are over 500,000 people to notify, or when the entity does not have sufficient contact information to notify in writing or e-mail, the entity may use alternate notification procedures as described. The notification must disclose the type of personal information compromised, a toll-free number which affected individuals may call for more information, and contact information for the major credit reporting agencies. Entities required to notify people under this act must also arrange for each notified person to receive a copy of his or her credit report at regular intervals for two years after the breach incidence. Persons injured by a violation of this act may seek civil damages and any entity that violates or proposes to violate the act may be enjoined. ERIKA JAQUES
|
