Can I ignore my obligations as a service provider with access to personal information in Missouri? What are the requirements?

Missouri Privacy Laws for Service Providers

As a service provider with access to personal information in Missouri, you have certain obligations to protect the privacy of individuals. The following documents outline the requirements:

• MOCS 1 CSR 10-2.020: This rule requires agencies to develop policies and procedures to protect computer-accessible, confidential personal information. Agencies must maintain a current description of the information, a list of agencies that have access to it, and the reason for keeping it. Before providing the information to any other agency or private entity, a written agreement to protect the right to privacy of the information must be signed. The head of each agency or the agency’s designated representative must annually certify that these rules are implemented.
• MOCS 20 CSR 100-6.100: This rule is designed to effectuate, interpret, and carry out the provisions of section 362.422, RSMo, regarding the disclosure of nonpublic personal information in violation of Title V of the Gramm-Leach-Bliley Financial Modernization Act of 1999. It defines terms such as “affiliate,” “consumer,” “customer,” “financial institution,” and “insurance product or service.” It also outlines requirements for providing clear and conspicuous notices to consumers, collecting and disclosing nonpublic personal financial information, and protecting the privacy of consumers.

Therefore, you cannot ignore your obligations as a service provider with access to personal information in Missouri. You must develop policies and procedures to protect the privacy of individuals and comply with the requirements outlined in the above documents.

Jurisdiction

Missouri

• Privacy