Missouri

Privacy Law Status

Comprehensive Privacy Law

Missouri currently does not have a comprehensive data privacy law in effect[1][2]. Unlike states such as California, Virginia, and Colorado, Missouri residents do not have broad statutory rights to control how businesses collect, use, and share their personal information. The state relies primarily on existing consumer protection laws and federal regulations to address privacy concerns.

Missouri’s consumer protection framework is built around the Missouri Merchandising Practices Act, which the Attorney General’s Office uses to address deceptive business practices, including some data misuse cases[3][4]. However, this provides significantly less comprehensive protection than dedicated privacy legislation.

As of January 1, 2026, the Insurance Data Security Act (House Bill 974) will take effect, imposing data security and breach notification requirements specifically for insurers and licensed entities[5][6][7].

Legislative Activity

Several comprehensive privacy bills have been introduced in Missouri’s legislature but have failed to become law. In 2024, both Senate Bill 731 and Senate Bill 1501 were introduced but died in committee[8][9]. SB 731 would have created consumer rights similar to other state privacy laws, including rights to access, delete, and opt out of personal data sales[10][11]. SB 1501 focused specifically on website operators and would have required revenue sharing with consumers whose data is sold[10].

The 2024 legislative session saw historically low bill passage, with only 28 bills passed overall[12]. Missouri’s biometric privacy legislation, House Bill 1584, did become law and is effective August 28, 2024, establishing biometric data protection requirements in Missouri[13].

Despite the lack of a comprehensive consumer privacy law, the passage of the Insurance Data Security Act indicates ongoing legislative interest in sector-specific privacy protections[5][6].

Implementation Timeline

Missouri does not currently have any comprehensive privacy legislation scheduled to take effect. While other states have privacy laws taking effect throughout 2025 and 2026, Missouri has not enacted similar legislation[14][2]. The failed legislative attempts suggest that comprehensive privacy protection may require future legislative sessions to achieve passage.

Missouri does have some existing privacy protections that are currently in effect, including data breach notification requirements and consumer protection enforcement through the Attorney General’s Office[2][3]. Additionally, the Insurance Data Security Act will impose new requirements on insurers starting January 1, 2026[5][6].

Your Rights as a Missouri Resident

Missouri residents currently have limited specific privacy rights compared to residents of states with comprehensive privacy laws. Your rights are primarily protected through general consumer protection laws and federal regulations.

Right to breach notification – Businesses must notify you “without unreasonable delay” if your personal information is compromised in a data breach[2]
Right to file consumer complaints – You can file complaints with the Missouri Attorney General’s Office about businesses that mishandle your personal information[3][4]
Right to healthcare data protection – Medical information is protected under federal HIPAA regulations, which apply to healthcare providers and related businesses[2]
Right to protection from deceptive practices – The Missouri Merchandising Practices Act provides some recourse if businesses engage in deceptive practices related to data handling[3]
Limited website privacy notice rights – Missouri has no comprehensive website privacy notice law as of 2025, though some federal or sector-specific rules may apply[2]

Unlike residents of states with comprehensive privacy laws, Missouri residents do not currently have guaranteed rights to know what personal data businesses collect, request deletion of their information, or opt out of data sales to third parties.

Business Requirements

Missouri businesses face limited specific data privacy requirements compared to those operating in states with comprehensive privacy laws.

Data breach notification – Must notify affected residents without unreasonable delay if personal information is compromised, and notify the Attorney General if over 1,000 individuals are affected[2]
Healthcare data compliance – Organizations handling medical records must comply with federal HIPAA requirements[2]
General consumer protection compliance – Must avoid deceptive practices under the Missouri Merchandising Practices Act, including truthful representation of data handling practices[3]
Website privacy notices – Some requirements exist for websites to disclose categories of personal information collected, whether information will be sold or shared, and data retention periods[2]
Limited penalties – Current Missouri law provides for civil penalties of up to $150,000 per breach for willful and knowing violations of data breach notification requirements. The Insurance Data Security Act may introduce additional enforcement mechanisms for insurers[5]

Practical Impact

Limited daily privacy protection – Missouri residents have fewer tools to control how businesses collect and use their personal information compared to residents of states like California or Virginia
Complaint-based enforcement – Protection relies heavily on filing complaints with the Attorney General’s Office, which mediates disputes and investigates potential fraud[3][4]
Breach notification provides some security – You will be notified if your personal information is compromised, allowing you to take protective steps[2]
Federal law protections apply – Healthcare information, financial data, and some other categories receive protection under federal laws regardless of Missouri state law
Business accountability gaps – Without comprehensive privacy law, businesses have fewer obligations to be transparent about data collection and sharing practices

Comparison Context

Behind leading privacy states – Missouri lacks the comprehensive consumer rights available in California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), and other states with modern privacy laws[14]
Missing key consumer rights – Unlike residents of privacy law states, Missouri residents cannot easily access their data, request deletion, or opt out of data sales[14]
No private right of action – Even proposed Missouri bills would not have allowed individuals to sue companies directly for privacy violations, relying instead on Attorney General enforcement[10][11]
Limited business obligations – Missouri businesses face fewer data protection requirements than those in states with comprehensive privacy frameworks
Enforcement gaps – Without dedicated privacy law enforcement mechanisms, protection depends on general consumer protection authority

Action Steps for Residents

Monitor your data – Regularly check privacy policies of services you use and be selective about sharing personal information
Use available federal protections – Take advantage of rights under federal laws like HIPAA for healthcare information and fair credit reporting laws for financial data
File complaints when appropriate – Report businesses that mishandle personal information to the Missouri Attorney General’s Consumer Protection Division
Contact your legislators – Advocate for comprehensive privacy legislation by contacting your state representatives about the importance of privacy protections
Stay informed about legislative developments – Monitor proposed privacy legislation in Missouri and support bills that would strengthen consumer privacy rights
Use privacy tools – Employ browser privacy settings, opt out of data broker services where possible, and use privacy-focused alternatives to data-intensive services

Official Resources and Contact Information

Missouri Legislature

Contact your state legislators to advocate for comprehensive privacy legislation. You can find your specific representatives using the Missouri General Assembly’s legislator lookup tool.

Missouri General Assembly: https://www.legislature.mo.gov/

Find Your Legislators: https://www.house.mo.gov/legislatorlookup.aspx

Missouri Senate Directory: https://www.senate.mo.gov/Senators/Directory

Consumer Protection and Complaints

The Missouri Attorney General’s Office handles consumer protection issues and complaints about business practices, including data misuse.

Missouri Attorney General’s Office:
207 W. High St., P.O. Box 899
Jefferson City, MO 65102
Phone: (573) 751-3321

Consumer Protection Hotline: 1-800-392-8222

File a Consumer Complaint: https://ago.mo.gov/get-help/programs-services-from-a-z/consumer-complaints/

Email: consumer.help@ago.mo.gov

Legislative Information and Bill Tracking

Track privacy-related legislation and committee activity in the Missouri legislature.

Missouri Senate Bills and Information: https://www.senate.mo.gov/

Bill Tracking and Status: https://www.legislature.mo.gov/billtracking

General State Government Contact

Governor’s Office: https://gov.mo.gov/contact
Phone: (573) 751-3222

Find All Missouri Elected Officials: https://www.sos.mo.gov/elections/candidates/candidateInfo

Sources and Citations

[1] www.centraleyes.com/privacy-laws/missouri

[2] mcdowellrice.com/data-privacy

[3] ago.mo.gov/get-help/programs-services-from-a-z/consumer-complaints/top-10-user-complaints

[4] ago.mo.gov/get-help/programs-services-from-a-z/consumer-complaints

[5] www.fisherphillips.com/en/news-insights/missouri-adopts-new-data-breach-notice-law-for-insurers.html

[6] www.senate.mo.gov/24info/bts_web/Bill.aspx?BillID=222

[7] databreaches.net/2025/07/18/missouri-adopts-new-data-breach-notice-law

[8] legiscan.com/MO/bill/SB731/2024

[9] legiscan.com/MO/bill/SB1501/2024

[10] www.wilmerhale.com/en/insights/blogs/wilmerhale-privacy-and-cybersecurity-law/20240307-state-comprehensive-privacy-law-update

[11] www.wilmerhale.com/en/insights/blogs/wilmerhale-privacy-and-cybersecurity-law/20240118-state-comprehensive-privacy-law-update-january-18-2024

[12] empowermissouri.org/2024-session-draws-to-a-close-with-historically-low-bill-passage

[13] app.legiplex.com/lpx/bill/420177

[14] www.lewisrice.com/u-s-state-privacy-laws

Last Updated August 2025. Written with contributions from both human authors and Perplexity AI. If you find incorrect or outdated information let us know at support@optery.com.