Missouri is one of only six states that does not require companies holding personal information to notify customers, clients, and employees if those files are breached. But a plan that attacks the step before identity theft is on the verge of passage in the legislature.
The Senate has approved the bill. It’s waiting for action in the House.
Senate Sponsor Scott Rupp says notification before the hackers or thieves can make use of the stolen personal information could head off identity theft. Rupp has told Senators, "It’s more a notification of …’be mindful. Look for anything suspicious…I should be a little bit more guarded about that charge on my credit card bill…"
The plan would require customers to be notified by e-mail, regular mail, or telephone unless the costs of notification exceeds 250-thousand dollars or if more than one-half million people are to be notified, alternate means of notice can be used. The Attorney General would have to be notified if the breach affects more than 1,000 people.
Companies that do not notify clients could face a lawsuit by the state with a penalty of as much as 150-thousand dollars per breach.
The measure is SB207 & 245. Here’s a link to a summary: