What are the legal requirements for disclosing data breaches?

In Missouri, businesses must comply with state and federal data breach laws when it comes to disclosing data breaches. Under the Missouri Merchandising Practices Act (MMPA), businesses that collect sensitive information from customers must promptly and properly notify those affected when a data breach occurs. Notification must be made in the most expeditious manner possible and without unreasonable delay. Additionally, notification should be made by one of the following methods: letter, telephone, or email. At the federal level, businesses must comply with the Gramm-Leach-Bliley Act (GLBA). The GLBA requires businesses to inform each affected individual of a data breach within thirty (30) days of discovery. Notification must include information about the type of data compromised and the steps the customer should take to protect themselves from harm or further compromise of their data. Finally, the Federal Trade Commission’s (FTC) Safeguards Rule requires businesses to accurately disclose their information practices in their privacy policies and procedures. If a business fails to do so, or fails to follow these guidelines, the FTC will take appropriate action. In summary, businesses in Missouri must comply with both state and federal law when it comes to disclosing data breaches. Businesses must promptly and properly notify affected individuals of the breach and provide detailed information about the type of data breached and the steps that the customer should take to protect themselves. They must also accurately disclose their information practices in their privacy policies and procedures. Failure to do so may result in legal action.

What are the legal requirements for disclosing data breaches?

Related FAQs

Related Blog Posts