Mississippi is one of the shrinking number of states that has not yet enacted a comprehensive consumer data privacy law. While several bills have been introduced in recent legislative sessions, none have crossed the finish line. That said, Mississippi residents are not entirely without protection — a data breach notification law, a new data security statute for financial services, and federal regulations provide a patchwork of coverage. Here is what you need to know about the current state of privacy law in Mississippi and what you can do to protect yourself.
No Comprehensive Privacy Law Yet
As of mid-2026, Mississippi does not have a sweeping consumer privacy statute comparable to Virginia's VCDPA or California's CCPA. Residents do not currently have state-level rights to access, delete, or correct personal data held by businesses, nor can they opt out of the sale of their personal information under Mississippi law.
This puts Mississippi behind a growing majority of states. With more than 20 states now having comprehensive privacy laws on the books, the gap in consumer protection for Mississippians is becoming increasingly conspicuous.
Recent Legislative Efforts
Mississippi lawmakers have signaled interest in addressing this gap. Two notable bills were introduced during the 2025 legislative session:
SB 2500 — Mississippi Consumer Data Protection Act (MCDPA)
Senate Bill 2500 proposed creating a Virginia-style privacy framework for Mississippi. The bill would have granted consumers the right to access, correct, delete, and port their personal data, as well as the right to opt out of targeted advertising, data sales, and profiling. It applied to businesses processing the data of a specified number of Mississippi consumers or deriving a significant percentage of revenue from data sales.
SB 2779
A separate but similar bill, SB 2779, also introduced consumer data protections with comparable scope. Like SB 2500, it drew from the model established by other southeastern states that have passed privacy legislation.
Neither bill advanced to a floor vote. Privacy advocates remain hopeful that one or both bills — or a revised version — will be reintroduced in a future session, especially as neighboring states continue to pass their own laws.
What Would the MCDPA Have Given You?
Had SB 2500 passed, Mississippi residents would have gained the right to know what personal data businesses collect about them, request its deletion, opt out of data sales and targeted advertising, and appeal a business's refusal to act on a request. These are rights that consumers in more than 20 other states already enjoy.
Mississippi's Data Breach Notification Law
The most significant existing data privacy regulation in Mississippi is the Data Breach Notification Law, codified at Miss. Code Ann. § 75-24-29. This law requires businesses and government entities that experience a data breach involving the personal information of Mississippi residents to notify affected individuals.
Key provisions include:
- Covered data: The law protects "personal information," which includes a person's name combined with Social Security numbers, driver's license numbers, or financial account numbers with access credentials.
- Notification requirement: Entities must notify affected Mississippi residents without unreasonable delay after discovering the breach.
- Attorney General notification: If a breach affects more than a specified number of residents, the entity must also notify the Mississippi Attorney General.
- Enforcement: The Attorney General has authority to enforce violations under the Mississippi Consumer Protection Act.
While this law is an important baseline, it is reactive rather than proactive — it only kicks in after your data has already been compromised.
Data Security for Money Transmitters Act (HB 1596)
In April 2026, Governor Tate Reeves signed HB 1596, the Data Security for Money Transmitters Act, into law. The act takes effect on July 1, 2026, and imposes cybersecurity requirements on licensed money transmitters operating in Mississippi.
Under HB 1596, money transmitters must:
- Develop and maintain a comprehensive information security program
- Conduct regular risk assessments of their data handling practices
- Implement safeguards to protect customer personal and financial information
- Report security incidents to the Mississippi Department of Banking and Consumer Finance
This is a sector-specific law and does not extend to the general public's interactions with other types of businesses. However, it does represent a step forward in Mississippi's approach to data security regulation.
The Federal Safety Net Has Limits
Without a comprehensive state privacy law, Mississippi residents must rely heavily on federal statutes like the Fair Credit Reporting Act (FCRA), the Telephone Consumer Protection Act (TCPA), and CAN-SPAM for privacy protection. These laws cover specific areas — credit reports, telemarketing, and email spam — but leave vast categories of personal data collection entirely unregulated. Data brokers, people-search websites, and ad-tech companies can collect and sell your information with very few restrictions under federal law.
How Mississippi Compares to Neighboring States
Mississippi's lack of a comprehensive privacy law stands in contrast to several of its neighbors. Tennessee enacted the Tennessee Information Protection Act (TIPA) effective July 1, 2025. Louisiana's privacy law is set to take effect in 2026. Alabama passed the Alabama Personal Data Protection Act in April 2026. Mississippi is increasingly isolated in the Southeast as a state without meaningful consumer data privacy legislation.
This disparity matters. If you live in Mississippi but do business with companies based in states with stronger laws, you may be able to exercise some rights under those states' statutes — particularly the CCPA, which some large companies extend to all U.S. residents for simplicity. But this is not guaranteed, and the protections are inconsistent.
What You Can Do Right Now
The absence of a comprehensive state privacy law does not mean you are powerless. There are concrete steps Mississippi residents can take today to protect their personal information:
- Opt out of data brokers manually: Sites like Spokeo, BeenVerified, Whitepages, and PeopleFinder publish your name, address, phone number, and more. You can submit removal requests directly, though the process is time-consuming and data often reappears.
- Freeze your credit: Contact Equifax, Experian, and TransUnion to place a free credit freeze, preventing new accounts from being opened in your name.
- Use privacy-focused tools: Consider a privacy-focused browser, a VPN, and a password manager to reduce the amount of data collected about you online.
- Leverage other states' laws: Submit CCPA deletion requests to large companies that operate in California — many will honor them regardless of your state of residence.
- Monitor for breaches: Use dark web monitoring to find out if your personal data has been exposed in a data breach.
Protect Yourself Without Waiting for Legislation
PrivacyOn helps Mississippi residents take control of their personal data right now. PrivacyOn continuously removes your information from 100+ data broker sites, monitors the dark web for exposed credentials, and sends you alerts when your data surfaces in new places. With plans starting at just $8.33 per month and family coverage for up to 5 people, you do not have to wait for Mississippi to pass a privacy law to start protecting yourself and your family.
Looking Ahead
The momentum toward a Mississippi consumer privacy law continues to build. As more states pass comprehensive legislation — and as public awareness of data privacy issues grows — the pressure on Mississippi lawmakers to act will only increase. In the meantime, staying informed and taking proactive steps to limit your data exposure is the best defense available to Mississippi residents.
Whether comprehensive privacy legislation arrives in 2027 or later, the fundamentals of personal data protection remain the same: minimize what you share, monitor where your data appears, and act quickly to remove it when it surfaces in places it should not be.