Disclaimer: This page provides general informational summaries only and does not constitute legal advice. AI-generated content may contain errors. Always consult a qualified attorney for guidance specific to your situation.
Read full disclaimer →
AI Summary
The Mississippi Consumer Privacy Protection Act grants consumers rights over their personal information, mandates data protection assessments, requires clear privacy notices, and includes specific disclosure requirements. It allows compliance with other laws and authorizes the Attorney General to provide relief and civil penalties for violations.
Business Impact
If you process personal information in Mississippi and exceed $25 million in revenue, you must comply with consumer requests or face penalties.
What do these statuses mean? ▼
Introduced
— Filed in the legislature; not yet heard in committee
In Committee
— Assigned to and being reviewed by a legislative committee
Passed
— Approved by one or both chambers; awaiting further action
Signed / Enacted
— Signed into law by the governor; may or may not be in effect yet
Dead / Vetoed
— Vetoed, failed to pass, or session expired without action
Unknown
— Status data not yet available or awaiting classification
Affected Industries
Topics How we classify →
What This Means
The Mississippi Consumer Privacy Protection Act establishes consumer rights regarding personal information, imposes obligations on businesses that exceed $25 million in revenue, requires clear and meaningful privacy notices, mandates processors to assist controllers, and includes specific disclosure requirements. Consumers may invoke their rights at any time by submitting a request to a controller of personal information. The Act exempts certain persons and data, applies to those conducting business within Mississippi, requires reasonable data security practices, and authorizes the Attorney General to provide relief and civil penalties for violations.
Key Provisions
- Grants consumers rights to access, correct, delete, or opt-out of personal information processing.
- Requires businesses to respond to consumer requests within 45 days.
- Mandates reasonable administrative, technical, and physical data security practices for protecting personal information.
- Requires controllers to conduct and document data protection assessments of certain processing activities.
- Establishes an appeal process for consumers if their requests are denied.
- Requires clear disclosure for the sale of personal information to third parties and targeted advertising.
- The Act brings forward Section 11-77-5 for possible amendment.
- Allows the Attorney General to issue civil investigative demands, provide certain relief, and has exclusive authority to enforce the Act.
- Permits the use of data for research, product recalls, responding to technical errors, and performing internal operations.
- Requires controllers to provide a reasonably accessible, clear, and meaningful privacy notice.
- Requires controllers to ensure de-identified data cannot be associated with a natural person.
- Requires processors to assist controllers in their duties.
- Allows compliance with other laws, investigations, or law enforcement requests, to defend legal claims, to provide certain products or services specifically requested by the consumer, to perform under a valid contract, to respond to security incidents, or to engage in scientific or statistical research.
- Includes an amendment to Section 45-38-9 regarding the Walker Montgomery Protecting Children Online Act.
- Exempts certain persons and data from the Act.
- Applies to certain persons conducting business within the state that exceeds twenty-five million dollars in revenue.
Latest Legislative Action
Died In Committee
Bill Sponsors (showing 5 of 15)
| Name | Role |
|---|---|
| Crawford | Primary |
| Ford | Primary |
| Harness | Primary |
| Hobgood-Wilkes | Primary |
| Hopkins | Primary |
Compliance Checklist
Respond to consumer requests for personal information access or deletion
Who: Businesses exceeding $25 million in revenue
Deadline: Within 45 days of request
Penalty: Civil penalties as determined by the Attorney General
Who: Businesses exceeding $25 million in revenue
Deadline: Within 45 days of request
Penalty: Civil penalties as determined by the Attorney General
Implement reasonable data security practices
Who: Businesses exceeding $25 million in revenue
Deadline: Ongoing
Penalty: Civil penalties for non-compliance
Who: Businesses exceeding $25 million in revenue
Deadline: Ongoing
Penalty: Civil penalties for non-compliance
Full Legal Analysis
The Mississippi Consumer Privacy Protection Act requires businesses with over $25 million in revenue conducting business within Mississippi to comply with consumer rights regarding personal information. Consumers may invoke their rights at any time by submitting a request to a controller of personal information. Businesses must respond to consumer requests, provide a reasonably accessible, clear, and meaningful privacy notice, and ensure de-identified data cannot be associated with a natural person. The Act requires controllers to establish an appeal process for consumers if their requests are denied and to provide clear and conspicuous disclosure of selling personal information or engaging in targeted advertising. The Attorney General has exclusive authority to enforce the Act and can investigate potential violations, issue civil investigative demands, and provide certain relief and civil penalties. Processors of personal information are required to assist controllers in their duties. The Act also allows controllers and processors to comply with other laws, investigations, or law enforcement requests, to defend legal claims, to provide certain products or services specifically requested by the consumer, to perform under a valid contract, to respond to security incidents, or to engage in scientific or statistical research. The Act exempts certain persons and data from its provisions. It brings forward Section 11-77-5 for the purpose of possible amendment. Additionally, the Act includes an amendment to Section 45-38-9 regarding the Walker Montgomery Protecting Children Online Act. Controllers are required to adopt and implement reasonable administrative, technical, and physical data security practices.
Official Source
Official Bill Text
View HB1051 on official legislature website →
Related Topics
Affected Industries
More Mississippi AI Legislation
SB2294
Education; institute initiatives to promote literacy in math, reading…
Low
SB3051
City of Biloxi; authorize to establish "Biloxi Biometrics and Cyberse…
Medium
HB1570
City of Biloxi; authorize to establish "Biloxi Biometrics and Cyberse…
Medium
SB2535
MS Future Innovators Act; enact to require high-school computer scien…
Medium
HB384
State institutions of higher learning; create grant program to assist…
Medium
HB1720
Artificial intelligence; prohibit use in provision of professional me…
High
View All MS Laws →
More Mississippi AI Laws
Browse all published AI bills and regulations for Mississippi.