Missouri has not enacted a comprehensive consumer privacy law. Businesses are subject to data breach notification requirements and sector-specific regulations.
Missouri Privacy & Accessibility Laws
Missouri does not have a comprehensive consumer privacy law as of 2024. The state has enacted data breach notification requirements and sector-specific privacy protections. Missouri state agencies must ensure their digital services are accessible to individuals with disabilities under federal and state requirements.
→
Privacy Law Status
No Comprehensive Law
→
Accessibility Requirements
State Government Policy
Missouri state agencies must ensure websites and digital services are accessible under ADA Title II and state IT policies.
Missouri Privacy Regulations
While Missouri lacks a comprehensive privacy law, the state has enacted several privacy protections:
Key Missouri Privacy Laws
- Missouri Data Breach Notification Law: Requires notification of security breaches affecting personal information
- Missouri Merchandising Practices Act: Prohibits deceptive business practices
- Student Data Accessibility, Transparency and Accountability Act: Protects student educational data
- Health Information Privacy: State protections for medical records
Data Breach Notification Requirements
| Requirement | Details |
|---|---|
| Covered Entities | Any person or business that owns or licenses personal information of Missouri residents |
| Notification Timeline | Without unreasonable delay, consistent with law enforcement needs |
| AG Notification | Required for all breaches affecting Missouri residents |
| Covered Data | Name plus SSN, driver's license, financial account, or medical information |
| Penalties | Violations subject to Missouri Merchandising Practices Act penalties |
Accessibility Requirements
Missouri government agencies must ensure digital accessibility for all residents:
State Government Obligations
- Missouri state agencies must comply with ADA Title II for all public-facing digital content
- Office of Administration provides IT accessibility guidance
- State websites should follow WCAG 2.1 Level AA guidelines
- Educational institutions must ensure accessible digital learning materials
- State IT procurement should consider accessibility requirements
Private Sector Considerations
- Businesses with physical locations in Missouri are subject to ADA Title III
- Missouri Human Rights Act provides additional disability protections
- Website accessibility claims can be brought under federal ADA
- Healthcare providers must ensure accessible patient portals
Enforcement
→
Privacy Enforcement
- Missouri Attorney General - Consumer protection enforcement
- Consumer Protection Division - Investigates data-related complaints
- Private right of action - Limited under Merchandising Practices Act
Contact:
Office of the Attorney General
Consumer Protection Division
P.O. Box 899
Jefferson City, MO 65102
(573) 751-3321
→
Accessibility Enforcement
- U.S. Department of Justice - ADA Title II and III enforcement
- Missouri Commission on Human Rights - State disability discrimination
- Private litigation - Federal ADA claims
Contact:
Missouri Protection & Advocacy Services
925 S. Country Club Drive
Jefferson City, MO 65109
(573) 893-3333
Business Obligations
| Obligation | Description |
|---|---|
| Data Security | Implement reasonable security measures to protect personal information |
| Breach Notification | Notify affected individuals without unreasonable delay and notify AG for all breaches |
| Student Data | EdTech companies must follow Student Data Privacy Act requirements |
| Data Disposal | Properly dispose of records containing personal information |
| Consumer Protection | Cannot engage in deceptive merchandising practices involving data |
Consumer Rights
Missouri residents have the following privacy rights:
- Breach Notification: Right to timely notice of data breaches affecting personal information
- Consumer Protection: Protection against deceptive data practices
- Student Data Rights: Parents and students have rights regarding educational data
- Credit Freeze: Right to place security freezes on credit reports
- Medical Privacy: Rights under HIPAA and state medical privacy laws
- Limited Private Action: Some rights under Merchandising Practices Act
Future Legislation
Missouri legislators have considered comprehensive privacy legislation in recent sessions. While no comprehensive law has passed, businesses should monitor legislative developments and prepare for potential future requirements.
Related Resources
- US Privacy Laws Overview
- ADA Title II Requirements
- ADA Title III for Businesses
- All State Laws
- Privacy Compliance Guide
- Report a Violation
Need Help with Missouri Compliance?
While Missouri lacks a comprehensive privacy law, businesses must still comply with data breach notification requirements, student data protections, and federal accessibility standards. Contact our experts for guidance on meeting your obligations.