MS HB1596

Requires money transmitters and virtual currency kiosk operators licensed under Mississippi's Money Transmission Modernization Act to develop, implement, and maintain comprehensive written information security programs with administrative, technical, and physical safeguards appropriate to their size and complexity

Mandates designation of a qualified individual responsible for overseeing the information security program, conducting written risk assessments identifying internal and external threats to customer information, and reporting annually to the board of directors or senior management

Requires notification to the Commissioner of Banking and Consumer Finance within 72 hours of discovering unauthorized acquisition of unencrypted customer information, with specific reporting requirements including number of affected consumers and description of the incident

Establishes data protection standards including encryption of customer information in transit and at rest, multi-factor authentication for system access, secure disposal of customer information within two years of last use, and annual penetration testing of information systems

Exempts licensees maintaining customer information on fewer than 5,000 consumers from certain requirements including written risk assessments, penetration testing schedules, incident response plans, and annual board reporting obligations