Can I use third-party cloud storage services that collect personal information in Missouri? What are the requirements?

Using Third-Party Cloud Storage Services in Missouri

Missouri has specific requirements for the use of third-party cloud storage services that collect personal information.

Privacy and Security Requirements ^[3.1]

The Privacy and Security Requirements rule establishes procedures for dissemination of criminal history record information and to ensure that the privacy and security of individuals have not been violated. The rule defines CHRI (Criminal History Record Information) as information collected by criminal justice agencies on individuals consisting of identifiable descriptions and notations of arrests, detentions, indictments, information or other formal criminal charges, any disposition arising from criminal charges, sentencing, correctional supervision, and release.

The rule states that noncriminal justice agencies or citizens shall receive the following CHRI for employment, licensing purposes, or reasons stated in the request:

1. All conviction data;
2. All charges for which an individual is currently under the jurisdiction of the criminal justice system;
3. All charges resulting in an imposition of SIS until the time as the case is finally terminated; and
4. Information regarding an arrest, if it is within thirty (30) days of the arrest and no action has been taken by the prosecuting or circuit attorney.

Privacy of Financial Information ^[4.1]

The Privacy of Financial Information rule is designed to effectuate, interpret, and carry out the provisions of section 362.422, RSMo, regarding the disclosure of nonpublic personal information in violation of Title V of the Gramm-Leach-Bliley Financial Modernization Act of 1999.

The rule defines an affiliate as any company that controls, is controlled by, or is under common control with another company. The rule also defines clear and conspicuous as a notice that is reasonably understandable and designed to call attention to the nature and significance of the information in the notice.

Privacy of Computer-accessible, Confidential Personal Information ^[2.1]

The Privacy of Computer-accessible, Confidential Personal Information rule requires agencies to develop a policy and procedure to protect computer-accessible, confidential personal information. Agencies must maintain a current description of computer-accessible, confidential personal information, a list of agencies that have access to the information and the reason the information is kept. The collecting agency must also identify the statute that is the basis to classify the personal information as confidential. A written agreement to protect the right to privacy of computer-accessible, confidential personal information must be signed before that information is provided by an agency to any other agency or private entity acting on behalf of an agency.

Conclusion

Based on the available information, it is required to have a written agreement to protect the right to privacy of computer-accessible, confidential personal information before that information is provided by an agency to any other agency or private entity acting on behalf of an agency. It is recommended that individuals and businesses using third-party cloud storage services review these rules and consult with legal counsel to ensure compliance with applicable laws and regulations.

[indexes: ^[2.1], ^[3.1], ^[4.1]

Source(s):

• [2.1] Privacy of Computer-ac- cessible, Confidential Personal Informa- tion
• [3.1] Privacy and Security Requirements
• [4.1] Privacy of Financial Information

Jurisdiction

Missouri

• Privacy