Missouri: HB 62 includes many provisions that are similar to other state laws requiring notice to individuals when the security of their personal information has been compromised. For example, HB 62 includes a “material risk of harm” trigger. In other words, a business is not required to notify Missouri residents if, after an appropriate investigation or consultation with relevant law enforcement authorities, the business determines that identity theft is not likely to result from the breach. In addition, a business is not required to notify state residents if the personal information compromised was encrypted. Like some other state laws, HB 62 also requires notice to the Missouri Attorney General and national consumer reporting agencies if more than 1,000 Missouri residents are notified, and allows the Attorney General to seek actual damages or civil penalties from persons that fail to comply with the law.

On February 12, 2009, the FTC issued its long-anticipated Staff Report on Self-Regulatory Principles for Online Behavioral Advertising. The revised Self-Regulatory Principles are the result of a year of study of the more than 60 comments provided by industry, advocacy organizations, academics, and individual consumers in response to the FTC’s proposed self-regulatory principles issued in late 2007.