MS SB2410

Cybersecurity; limit liability for governmental and certain commercial entities that substantially comply with standards.



Introduced: 01/19/2026
In Committee: 01/19/2026
Crossed Over: (no date)
Passed: (no date)
Dead: 02/03/2026

Introduced Session

2026 Regular Session

Bill Summary

An Act To Provide That A County Or Municipality And Any Other Political Subdivision Of The State Or A Commercial Entity Shall Not Be Liable In Connection With A Cybersecurity Incident If The Entity Adopts Certain Cybersecurity Standards; To Define Certain Terms; To Require Cybersecurity Programs To Align With Nationally Recognized Standards And The Requirements Of Specified Federal Laws; To Provide A Rebuttable Presumption Against Liability For Commercial Entities That Are In Substantial Compliance With This Act By Adopting A Cybersecurity Program That Substantially Aligns With Certain Specified Cybersecurity Standards; And For Related Purposes.

AI Summary

This bill establishes protections against liability for governmental entities and certain commercial entities, referred to as "covered entities," in the event of a cybersecurity incident, provided they substantially comply with specific cybersecurity standards. For governmental entities like counties and municipalities, liability is limited if they adopt standards that safeguard data and align with generally accepted best practices, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework. For commercial entities and their "third-party agents" (entities handling personal information on their behalf), there is a rebuttable presumption against liability if they implement a cybersecurity program that substantially aligns with recognized standards such as NIST frameworks, the Center for Internet Security (CIS) Critical Security Controls, or specific federal laws like HIPAA (Health Insurance Portability and Accountability Act) and the Gramm-Leach-Bliley Act. "Substantial compliance" means having implemented and being able to demonstrate adherence to the technical requirements of these standards. The bill also outlines factors to consider when determining the appropriate scale of compliance, such as the entity's size, complexity, and the sensitivity of the data it handles. It clarifies that failure to comply does not create a new private cause of action or diminish existing ones. The provisions take effect on July 1, 2026.

Committee Categories

Justice

Sponsors (1)

Last Action

Died In Committee (on 02/03/2026)
