Can I collect personal information from my customers in California in Mississippi? What are the requirements?

Personal Information Collection Requirements in California and Mississippi

If you collect personal information from customers in California and Mississippi, you must comply with the data privacy laws of both states.

In California, the California Consumer Privacy Act (CCPA) regulates the collection, use, and disclosure of personal information of California residents by businesses. Under the CCPA, businesses must provide certain notices to consumers at or before the point of collection of their personal information, including the categories of personal information collected and the purposes for which the information will be used ^[2.3]. Each agency shall maintain in its records only personal information which is relevant and necessary to accomplish a purpose of the agency required or authorized by the California Constitution or statute or mandated by the federal government ^[2.1]. The Legislature declares that the right to privacy is a personal and fundamental right protected by Section 1 of Article I of the Constitution of California and by the United States Constitution and that all individuals have a right of privacy in information pertaining to them ^[2.2]. Each agency shall provide on or with any form used to collect personal information from individuals the notice specified in this section ^[2.4].

In Mississippi, any person who conducts business in the state and who owns, licenses, or maintains personal information of any resident of the state must provide notice of a breach of security involving personal information to all affected individuals. The notice must be made without unreasonable delay, subject to certain provisions, and may be provided by written notice, telephone notice, electronic notice, or substitute notice ^[1.1]. Access to proprietary information submitted to the Board shall be disclosed only to the following individuals: Board members, members on the Board’s staff and the Attorney General’s Office, and on a “need to know” basis as determined by the Board: consultants and experts employed or engaged by the Board; and members of committees appointed by the Board ^[3.1]. To assist in the completion of its duties mandated by the Act, the Board may receive operational, technical and financial information from commercial mobile radio service providers and 911 service providers. Some of this information may be of confidential nature, and the entities providing it may desire it from unnecessary disclosure to third parties. The purpose of these rules is to ensure the protection from disclosure ^[3.2].

Conclusion

To summarize, if you collect personal information from customers in California and Mississippi, you must comply with the data privacy laws of both states. In California, you must provide certain notices to consumers at or before the point of collection of their personal information. In Mississippi, you must provide notice of a breach of security involving personal information to all affected individuals. Additionally, access to proprietary information submitted to the Board shall be disclosed only to specific individuals ^[3.1][3.2].

Source(s):

• [1.1] Persons conducting business in Mississippi required to provide notice of a breach of security involving personal information to all affected individuals; enforcement.
• [2.1] Section 1798.14 - Agency Requirements
• [2.2] Section 1798.1 - General Provisions and Legislative Findings
• [2.3] Section 1798.24 - Conditions of Disclosure
• [2.4] Section 1798.17 - Agency Requirements
• [3.1] Access to Proprietary Information
• [3.2] Submission of Proprietary Information.

Jurisdiction

Mississippi, California

• Privacy