M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.

Missouri Data Breach Laws: Notification Requirements

In Missouri, every business that suffers a data breach must find out whether personal information could be misused. Businesses are legally required to notify affected Missouri residents as soon as possible by mail, telephone, or email. When a breach affects more than 150,000 people, or the cost of notification exceeds $100,000, businesses can use public service announcements instead of individual notifications. When events affect more than 1,000 people, businesses must notify the state attorney general’s office and all consumer-reporting agencies.

Name of Law / Statute


Definition of Protected Information

Combination of (1) name or other identifying info, PLUS (2) one or more of these "data" elements: SSN; driver's license number; or account number, credit card number, debit card number if accompanied by PIN, password, or access codes PLUS medical data

Who Is Subject to Law?

Any person or business conducting business in the state who licenses or owns PI

Notification of Consumers?

Yes, unless determination of no harm by business

By what means?

Written, phone, or electronic (if consumer consented); if >1000 residents, must notify consumer reporting agencies

Substitute Notice Threshold?

If cost of notice >$100,000 or involves >150k residents

Notification of authorities / regulators required?


By what means?


Regulatory Fines

Up to $150k/breach

Credit monitoring requirement?


Private lawsuits allowed?


Private damages cap?


Regulatory actions allowed?

Yes (actual damages for willful violations)

HIPAA Compliance exemption?


Other  (e.g., timeframe)

Law does not apply if PI was encrypted

Link to complete law

Missouri's Data Breach Law

Read the full text of Missouri’s data breach law.

70% of businesses raise prices or cut hiring when sued