MS SB2471

Cyber breach; limit liability for certain entities.


Introduced: 01/20/2025
In Committee: 02/17/2025
Crossed Over: 02/11/2025
Passed:
Dead: 03/04/2025

Introduced Session

2025 Regular Session

Bill Summary

An Act To Provide That A County Or Municipality And Any Other Political Subdivision Of The State Shall Not Be Liable In Connection With A Cybersecurity Incident If The Entity Adopts Certain Cybersecurity Standards; To Require Cybersecurity Programs To Align With Nationally Recognized Standards And The Requirements Of Specified Federal Laws; To Provide A Rebuttable Presumption Against Liability For Commercial Entities That Are In Substantial Compliance With This Act By Adopting A Cybersecurity Program That Substantially Aligns With Certain Specified Cybersecurity Standards; And For Related Purposes.

AI Summary

This bill provides legal protections and liability limitations for counties, municipalities, and commercial entities in the event of a cybersecurity incident. The bill defines "covered entities" as various types of commercial organizations and "third-party agents" as entities contracted to handle personal information. For government entities like counties and municipalities, the bill offers immunity from liability if they adopt cybersecurity standards that safeguard data and align with best practices, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework. For commercial entities and third-party agents, the bill creates a rebuttable presumption against liability if they substantially comply with recognized cybersecurity standards, which include frameworks like NIST, the Center for Internet Security Controls, and standards related to specific federal laws like HIPAA and the Gramm-Leach-Bliley Act. The bill requires entities to consider factors such as their size, complexity, and the sensitivity of protected information when implementing cybersecurity programs. Importantly, the bill does not create a private right of action, meaning individuals cannot sue entities solely for failing to comply with the act, and failure to implement a cybersecurity program is not automatically considered negligence. The bill will take effect on July 1, 2025, and apply to civil actions filed on or after that date.

Committee Categories

Justice

Sponsors (2)

Last Action

Died In Committee (on 03/04/2025)
