Can I use third-party customer service tools that collect personal information in Missouri? What are the requirements?

Using Third-Party Customer Service Tools in Missouri

If you are using third-party customer service tools that collect personal information in Missouri, you must comply with the Standards for Safeguarding Customer Information established by the Missouri Code of State Regulations (MOCS) 20 CSR 100-6.110 ^[1.1].

According to this regulation, each licensee (which includes businesses that collect and maintain customer information) must implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of customer information. The administrative, technical, and physical safeguards included in the information security program shall be appropriate to the size and complexity of the licensee and the nature and scope of its activities ^[1.1].

The information security program shall be designed to ensure the security and confidentiality of customer information, protect against any anticipated threats or hazards to the security or integrity of the information, and protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any customer ^[1.1].

If you are using a third-party service provider to collect and maintain customer information, you must exercise appropriate due diligence in selecting the service provider and require the service provider to implement appropriate measures designed to meet the objectives of the regulation. You may also need to take appropriate steps to confirm that the service provider has satisfied these obligations ^[1.1].

Additional Requirements

In addition to the Standards for Safeguarding Customer Information, there are other regulations in Missouri that may apply to the collection and maintenance of personal information. For example, MOCS 1 CSR 10-2.020 requires agencies to develop policies and procedures to protect computer-accessible, confidential personal information ^[2.1].

Furthermore, MOCS 20 CSR 100-6.100 requires licensees to provide clear and conspicuous notices to consumers about their privacy policies and practices, and to provide consumers with the opportunity to opt-out of certain information sharing practices ^[1.2].

Conclusion

To summarize, if you are using third-party customer service tools that collect personal information in Missouri, you must comply with the Standards for Safeguarding Customer Information established by MOCS 20 CSR 100-6.110. This includes implementing a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of customer information, exercising appropriate due diligence in selecting service providers, and requiring service providers to implement appropriate measures to meet the objectives of the regulation. Additionally, you may need to comply with other regulations in Missouri, such as MOCS 1 CSR 10-2.020 and MOCS 20 CSR 100-6.100.

Source(s):

• [1.1] Standards for Safe- guarding Customer Information
• [2.1] Privacy of Computer-ac- cessible, Confidential Personal Informa- tion
• [1.2] Privacy of Financial Information

Jurisdiction

Missouri

• Privacy