BillTrack50 logo
Free Signup Login
Bill

Bill > SB2500

MS SB2500

MS SB2500
Mississippi Consumer Data Protection Act; enact.

summary

Introduced
01/20/2025
In Committee
01/20/2025
Crossed Over
Passed
Dead
02/04/2025

Introduced Session

2025 Regular Session

Bill Summary

An Act To Enact The Mississippi Consumer Data Protection Act; To Define Terms; To Provide The Scope Of Protection And Exemptions Of This Act; To Provide That This Act Applies To Certain Persons Conducting Business Within The State; To Exempt Certain Data From This Act; To Provide That A Consumer May Invoke The Consumer Rights Authorized Pursuant To This Act At Any Time By Submitting A Request To A Data Controller Through A Specified Procedure; To Require A Data Controller To Respond To A Consumer Without Undue Delay; To Require A Data Controller To Establish An Appeal Process For A Consumer To Appeal The Data Controller's Refusal To Take Action On A Request Within A Reasonable Period Of Time After The Consumer's Receipt Of The Decision; To Require A Data Controller To Adopt And Implement Reasonable Administrative, Technical, And Physical Data Security Practices To Protect The Confidentiality, Integrity, And Accessibility Of Personal Data; To Require The Data Controller To Provide Consumers With A Reasonably Accessible, Clear, And Meaningful Privacy Notice; To Provide That If A Controller Sells A Consumer's Personal Data To Third Parties Or Engages In Targeted Advertising, The Data Controller Must Provide Clear And Conspicuous Notice To A Consumer; To Require Data Processors To Assist Data Controllers In Duties Required By This Act; To Provide That The Obligations Imposed On A Data Controller Or Data Processor Under This Act Shall Not Restrict A Controller's Or Processor's Ability To Collect, Use, Or Retain Certain Data; To Provide That The Obligations Imposed On A Data Controller Or Data Processor Under This Act Shall Not Apply Where Compliance By The Data Controller Or Data Processor Would Violate An Evidentiary Privilege Under The Laws Of The State; To Provide That This Act Shall Not Require A Data Controller, Data Processor, Third Party, Or Consumer To Disclose Trade Secrets; To Provide That The Attorney General Shall Have Exclusive Authority To Enforce This Act; To Provide Civil Penalties For Violation Of This Act; And For Related Purposes.

AI Summary

This bill introduces the Mississippi Consumer Data Protection Act, a comprehensive legislation designed to protect consumers' personal data privacy. The act applies to businesses conducting operations in Mississippi that process personal data of at least 100,000 consumers or 25,000 consumers while deriving over 50% of gross revenue from personal data sales, with specific exemptions for certain entities like government bodies, financial institutions, healthcare organizations, and nonprofit groups. Consumers are granted several key rights, including the ability to confirm what personal data is being processed, request deletion of their data, obtain a copy of their personal data, and opt out of personal data sales. Controllers (entities determining the purpose of data processing) must provide clear privacy notices, establish secure methods for consumers to exercise their rights, and respond to consumer requests within 90 days. The bill mandates that controllers implement reasonable data security practices, cannot process sensitive data without consumer consent, and cannot discriminate against consumers who exercise their data privacy rights. Enforcement is exclusively handled by the Attorney General, who can issue civil investigative demands and impose penalties up to $7,500 per violation, with a 90-day cure period provided before potential legal action. Notably, the act preempts all local data privacy regulations and does not create a private right of action for consumers.

Committee Categories

Justice

Sponsors (1)

Last Action

Died In Committee (on 02/04/2025)

bill text

bill summary

Loading...

bill summary

Loading...
Loading...