Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Vendor Specific Obligations
  • Vendor Mandated Contracts
  • Employee Training
  • Required Disposal of Retained Personal Information
  • Require Vendors to Protect Personal Information
  • Verification of Vendor Protection/Security Program
  • Vendor Notification to Organization of Breach/Suspected Breach
Fines & Penalties

Violations of breach notification laws:

- up to $150,000 per breach

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Vendor Management
  • Vendor Contract Required
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • There are specific considerations when determining if a breach is reportable.
  • If more than 1,000 residents are required to receive breach notifications, the incident must also be reported to the Attorney General and all consumer reporting agencies with specific information.
  • Vendors must notify Organizations upon discovery of a breach or suspected breach. The Organization is responsible for submitting any required regulatory reporting and consumer notifications.
  • If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
  • Organizations may be fined or penalized for Vendor violations.
  • The Attorney General may bring actions against violators with civil penalties up to $150,000 per incident, or a series of incidents discovered within the same investigation of a breach.
STatutes and LAWS
  • MO Rev Stat § 407.1500 Definitions; Notice to Consumer for Breach of Security; Procedure–Attorney General may bring action for damages
  • MO Rev Stat §§ 407.430-407.436 Credit User Protection Law
  • MO Rev Stat § 407.1355 Social Security Number, Prohibited actions involving
  • MO Rev Stat § 569.095 Tampering with computer data; Penalties
  • MO Rev Stat § 161.096 Statewide longitudinal data system, Regulation on Student Data accessibility, transparency, and accountability required — Regulation Requirements — Data not to be reported — Rulemaking authority — Violation, penalty — Attorney General to enforce
BAck to map