Introduction to Missouri Privacy Rights
Missouri residents navigate a complex privacy landscape shaped by both federal regulations and state-specific laws. Unlike comprehensive privacy states such as California or Virginia, Missouri has yet to enact broad consumer privacy legislation comparable to the California Consumer Privacy Act (CCPA). However, the Show-Me State maintains a patchwork of sector-specific privacy protections that cover data breaches, financial information, employee records, and certain consumer transactions.
Missouri's privacy framework centers primarily on data breach notification requirements under the Missouri Personal Information Protection Act and open government provisions through the Missouri Sunshine Law. The state also enforces targeted protections for specific industries, including financial services under the Missouri Merchandising Practices Act and health information beyond federal HIPAA requirements. Missouri residents enjoy constitutional privacy protections under Article I, Section 15 of the Missouri Constitution, which guarantees that "the people shall be secure in their persons, papers, homes and effects from unreasonable searches and seizures."
Compared to neighboring states, Missouri falls in the middle tier of privacy protections. While Illinois has established biometric privacy laws and Colorado has enacted comprehensive consumer data privacy legislation, Missouri maintains more limited statutory protections. However, Missouri's Sunshine Law provides robust public records access with meaningful privacy exemptions, and the state's courts have increasingly recognized common law privacy rights in tort cases. Missouri's approach reflects a balance between government transparency, business flexibility, and individual privacy—though consumer advocates continue pushing for more comprehensive data privacy legislation similar to laws recently passed in other states.
Missouri's State Privacy Laws
Missouri's privacy legal framework consists of several sector-specific statutes rather than one comprehensive privacy law. The most significant state privacy statute is the Missouri Personal Information Protection Act, codified in Revised Statutes of Missouri (RSMo) §§ 407.1500 through 407.1507. This law governs how businesses must handle personal information and respond to data breaches affecting Missouri residents.
Under RSMo § 407.1500(6), "personal information" is defined as an individual's first name or first initial and last name in combination with any one or more of the following: Social Security number, driver's license number, financial account numbers, or credit/debit card numbers with security codes. The statute requires entities that own or license personal information about Missouri residents to implement and maintain reasonable security measures to protect that data from unauthorized access, disclosure, or use.
The Missouri Data Breach Notification Law (RSMo § 407.1500) mandates specific response requirements when personal information is compromised. Any person or entity that owns or licenses personal information of Missouri residents must notify affected individuals "without unreasonable delay" following discovery of a breach. While the statute doesn't specify an exact timeframe, the notification must occur as expeditiously as possible and consistent with the needs of law enforcement. Notification must be made to the Missouri Attorney General if the breach affects more than 1,000 Missouri residents.
For employee privacy, Missouri law provides limited but important protections. Under RSMo § 285.575, employers are prohibited from requiring employees or job applicants to provide login credentials or access to personal social media accounts. This statute, enacted in 2014, makes it unlawful for employers to request passwords to personal online accounts or to require employees to add the employer or supervisor to their list of contacts on social networking sites. Violations can result in civil penalties and liability for damages.
Financial privacy in Missouri is governed by both federal laws and state statutes. The Missouri Merchandising Practices Act (RSMo § 407.010 et seq.) prohibits unfair and deceptive practices in trade or commerce, including mishandling of consumer financial information. Additionally, RSMo § 408.683 addresses financial privacy specifically for financial institutions, requiring them to maintain privacy policies and provide annual notices to customers regarding information-sharing practices, though this largely mirrors federal Gramm-Leach-Bliley Act requirements.
Missouri also protects biometric data under limited circumstances. While the state lacks comprehensive biometric privacy legislation like Illinois' Biometric Information Privacy Act, RSMo § 407.1500(5) includes biometric data within its definition of personal information when combined with identifying information, triggering data breach notification requirements.
The state's Motor Vehicle Records Privacy Act, RSMo § 301.137, restricts disclosure of personal information contained in motor vehicle records maintained by the Department of Revenue. This statute implements federal Driver's Privacy Protection Act requirements at the state level, limiting when and how information such as names, addresses, telephone numbers, and photographs from driver's licenses can be released.
Consumer credit information receives protection under RSMo § 408.683, which regulates credit reporting agencies operating in Missouri and complements federal Fair Credit Reporting Act protections. The statute requires credit reporting agencies to follow specific procedures for correcting inaccurate information and investigating consumer disputes.
Freedom of Information / Open Records in Missouri
Missouri's primary open records law is the Missouri Sunshine Law, codified in RSMo Chapter 610. This comprehensive statute establishes that meetings, records, votes, and other actions of public governmental bodies must be open to the public unless specifically exempted by law. The Sunshine Law reflects Missouri's constitutional commitment to government transparency while recognizing legitimate privacy interests.
Under RSMo § 610.010, the Sunshine Law applies to all public governmental bodies, defined as "any legislative, administrative or governmental entity created by the constitution or by state or local authority." This includes state agencies, county governments, municipalities, school districts, and other political subdivisions. The law presumes that all records maintained by public governmental bodies are open to the public unless a specific exemption applies.
To request public records in Missouri, citizens must submit a request to the custodian of records for the relevant governmental body. While RSMo § 610.023 doesn't require requests to be in writing, written requests are recommended for documentation purposes. The request should reasonably describe the records sought with sufficient specificity to allow the custodian to locate them. Requesters need not be Missouri residents, state their identity, or explain their reasons for requesting records.
Public governmental bodies must respond to Sunshine Law requests within three business days. Under RSMo § 610.023, the custodian must either provide access to the requested records, provide a detailed explanation of why the records are exempt from disclosure, or explain that additional time is needed to fulfill the request. If more time is needed, the custodian must explain the reason for the delay and provide the earliest time and place the records will be available.
The Sunshine Law includes numerous specific exemptions protecting personal privacy. RSMo § 610.021 lists closed records categories, including: personnel records relating to specific employees (except for certain employment information); medical records; individually identifiable student records; welfare records; tax records containing personal financial information; records related to security systems; and records that would constitute an unwarranted invasion of personal privacy. Social Security numbers are specifically protected under RSMo § 610.021(14).
Fee schedules for public records in Missouri are governed by RSMo § 610.026. Public governmental bodies may charge fees not to exceed the actual cost of document search and copying. Charges for staff time cannot exceed the hourly wage of the lowest-paid employee capable of performing the task. Research time exceeding one hour may be charged at actual cost. Copying fees must reflect actual costs, typically ranging from 10 to 25 cents per page for standard letter-size copies.
If a public governmental body denies a records request, the requester can appeal. The first step typically involves requesting the governmental body to reconsider its decision. If denied again, requesters can file suit in circuit court under RSMo § 610.027. Courts have authority to order disclosure and assess civil penalties and attorney's fees against governmental bodies that knowingly violate the Sunshine Law. Penalties can reach $1,000 for the first violation and $5,000 for subsequent violations.
HIPAA and Health Privacy in Missouri
The Health Insurance Portability and Accountability Act (HIPAA) establishes federal baseline protections for medical information, and these protections apply fully to covered entities operating in Missouri, including healthcare providers, health plans, and healthcare clearinghouses. HIPAA's Privacy Rule governs how protected health information (PHI) can be used and disclosed, while the Security Rule establishes standards for electronic PHI protection.
Missouri enhances federal HIPAA protections with additional state-level health privacy laws. Under RSMo § 191.227, healthcare providers and facilities must maintain confidentiality of medical records and can only release patient information with proper authorization or as specifically permitted by law. This statute applies broadly to hospitals, physicians, and other healthcare providers licensed in Missouri.
Mental health and substance abuse treatment records receive heightened protection under Missouri law. RSMo § 630.140 specifically protects records of patients receiving mental health services from the Department of Mental Health and related facilities. These records cannot be disclosed without written consent except in limited circumstances such as medical emergencies, court orders, or mandated reporting situations. Similarly, alcohol and drug abuse treatment records are protected under both federal 42 CFR Part 2 regulations and Missouri state law.
HIV/AIDS-related information receives special protection under RSMo § 191.656, which strictly limits disclosure of HIV test results and related information. Healthcare providers, laboratories, and other entities possessing HIV-related information can only disclose it with written authorization from the patient or as specifically permitted by statute, such as to the person tested, healthcare providers directly involved in treatment, or public health authorities as required by law.
Missouri residents can protect their medical records by understanding their rights under both HIPAA and state law. Patients have the right to access their own medical records under RSMo § 191.227 and can request copies, typically within a reasonable time period. Healthcare providers may charge reasonable fees for copying, not to exceed $22.68 for the first 10 pages and 57 cents per page thereafter, plus actual postage costs, under current Missouri regulations. Patients should submit written requests to their healthcare provider's medical records department and can file complaints with the Missouri Department of Health and Senior Services or the federal Office for Civil Rights if their rights are violated.
Consumer Data Privacy Rights
Missouri currently lacks comprehensive consumer data privacy legislation comparable to the California Consumer Privacy Act or similar laws in Virginia, Colorado, and Connecticut. This means Missouri residents do not have statutory rights to access, delete, or opt out of the sale of personal information collected by most private businesses. However, consumer advocates and state legislators have introduced various privacy bills in recent sessions, though none have yet been enacted into law.
Despite the absence of comprehensive privacy legislation, Missouri residents retain certain consumer data rights under existing statutes and federal laws. The Missouri Merchandising Practices Act (RSMo § 407.010 et seq.) prohibits deceptive practices regarding data collection and use. If a company violates its own privacy policy or misrepresents how it collects or uses consumer data, the Missouri Attorney General can pursue enforcement action under this statute. Consumers may also have private rights of action for deceptive trade practices.
For specific types of data, Missouri residents have targeted rights. Under RSMo § 285.575, individuals have the right to refuse to provide social media login credentials to employers or prospective employers. The state's data breach notification law (RSMo § 407.1500) gives consumers the right to be notified when their personal information has been compromised, enabling them to take protective measures such as credit monitoring or fraud alerts.
Missouri residents possess robust rights under the federal Fair Credit Reporting Act (FCRA) regarding credit reporting agencies. Consumers can request free annual credit reports from each of the three major credit bureaus through AnnualCreditReport.com. Under 15 U.S.C. § 1681, Missouri residents have the right to dispute inaccurate information on their credit reports, and credit reporting agencies must investigate disputes within 30 days. Missouri residents can also place fraud alerts or credit freezes on their credit files.
To remove personal information from data broker websites, Missouri residents must typically opt out from each site individually, as no state law currently requires data brokers to honor universal opt-out requests. Major people-search sites like Spokeo, Whitepages, BeenVerified, and Intelius each maintain separate opt-out processes, usually accessible through their websites. The process typically involves locating your listing, submitting an opt-out request with verification, and waiting 24-72 hours for removal. However, information may reappear if data brokers acquire updated information from public records or other sources.
Missouri residents seeking to minimize their digital footprint should also exercise opt-out rights under federal laws. The Federal Trade Commission's Do Not Call Registry (donotcall.gov) allows consumers to reduce unwanted telemarketing calls. Under the CAN-SPAM Act, consumers can opt out of commercial email communications. Additionally, the National Advertising Initiative (networkadvertising.org) and Digital Advertising Alliance (optout.aboutads.info) provide opt-out mechanisms for targeted online advertising.
Credit freeze rights provide Missouri consumers with powerful protection against identity theft. Under RSMo § 407.1380, consumers have the right to place, temporarily lift, or remove a security freeze on their credit reports. Credit reporting agencies cannot charge fees for placing, lifting, or removing freezes. A credit freeze prevents credit reporting agencies from releasing credit reports without the consumer's authorization, effectively blocking identity thieves from opening new accounts.
Employment Background Checks & Privacy in Missouri
Missouri employers conducting background checks on job applicants and employees must comply with both federal Fair Credit Reporting Act requirements and Missouri-specific employment laws. Under the FCRA (15 U.S.C. § 1681 et seq.), employers using third-party consumer reporting agencies for background checks must obtain written authorization from applicants, provide pre-adverse action notices if negative information may lead to an employment decision, and provide final adverse action notices if employment is denied based on the report.
Missouri does not have a statewide "ban-the-box" law prohibiting employers from inquiring about criminal history on initial job applications. However, certain Missouri municipalities have enacted their own regulations. The City of Columbia adopted an ordinance prohibiting employers with 10 or more employees from inquiring about criminal history until after an initial interview. Kansas City has similar restrictions for city contractors and employers with city contracts. Private employers in most of Missouri can ask about criminal history at any point in the hiring process.
Under Missouri law, certain criminal records become unavailable for employment background checks after specific time periods. RSMo § 610.120 allows individuals to petition for expungement of criminal records under qualifying circumstances. Eligible offenses include certain misdemeanors after three years from completion of sentence, some felonies after seven years, and arrests that did not lead to conviction or were dismissed. Once a record is expunged, the individual may deny the arrest or conviction occurred, and the expunged records should not appear on most background checks.
Missouri employers cannot access sealed or expunged records for employment decisions. Additionally, under RSMo § 43.540, the Missouri State Highway Patrol's criminal history repository only reports convictions and pending charges; arrests that did not result in conviction or are more than 30 days old without disposition are generally not included unless the arrest is still pending adjudication.
Certain sensitive records receive heightened privacy protection in employment contexts. Under RSMo § 191.656, employers cannot discriminate based on HIV status, and HIV test results cannot be required as a condition of employment except in very limited circumstances. Genetic information is protected under both federal law (Genetic Information Nondiscrimination Act) and Missouri's genetic testing privacy provisions.
Missouri employees and job applicants who discover inaccurate information on their background checks have specific dispute rights. Under the FCRA, individuals can dispute inaccurate information directly with the consumer reporting agency, which must investigate within 30 days. If the investigation doesn't resolve the dispute, consumers can add a statement of dispute to their file. Individuals can also correct inaccurate criminal records by contacting the Missouri State Highway Patrol's Criminal Justice Information Services Division and providing documentation of the error, such as court records showing dismissal or expungement.
For FBI background checks (conducted for certain licensed positions), Missouri residents can challenge inaccurate information through the FBI's Identity History Summary Request process, which allows individuals to obtain their own criminal history records and dispute errors. The Missouri State Highway Patrol also maintains procedures for challenging and correcting state-level criminal history information.
Protecting Yourself in Missouri
Missouri residents can take concrete steps to protect their privacy and minimize their exposure in public records and online databases. This practical guide provides actionable strategies for reducing your digital footprint and securing personal information.
Step 1: Freeze Your Credit Reports
Contact all three major credit bureaus to place security freezes on your credit files. For Equifax, call 800-349-9960 or visit equifax.com/personal/credit-report-services; for Experian, call 888-397-3742 or visit experian.com/freeze; for TransUnion, call 888-909-8872 or visit transunion.com/credit-freeze. Under RSMo § 407.1380, credit bureaus cannot charge Missouri residents for placing, lifting, or removing freezes. You'll receive a PIN or password to temporarily lift the freeze when applying for legitimate credit. Also freeze your file with Innovis (innovis.com) and the National Consumer Telecom & Utilities Exchange (nctue.com).
Step 2: Opt Out of People-Search Websites
Systematically remove your information from major data broker sites. Start with high-traffic sites: Spokeo (spokeo.com/optout), Whitepages (whitepages.com/suppression-requests), BeenVerified (beenverified.com/faq/opt-out), Intelius (intelius.com/optout), PeopleFinders (peoplefinders.com/manage), MyLife (mylife.com/privacy-policy), and TruthFinder (truthfinder.com/opt-out). Each site has different opt-out procedures, typically requiring you to locate your listing, submit the opt-out form, and verify via email. Document your requests and check back quarterly, as information may reappear from updated public records.
Step 3: Request Record Sealing or Expungement
If you have eligible criminal records, petition for expungement under RSMo § 610.140. Determine eligibility: certain misdemeanors after three years, qualifying felonies after seven years, or arrests without conviction. File a petition in the court where the case originated, including certified copies of your criminal record from the Missouri State Highway Patrol (available at machs.mshp.dps.mo.gov). The petition must list all agencies with records (courts, prosecutors, police departments, Highway Patrol). Courts charge filing fees (typically $100-$250 depending on county), though fee waivers may be available for indigent petitioners. Consider consulting an attorney, as the process requires specific legal documentation.
Step 4: Remove Information from Missouri Public Records Websites
Missouri's Sunshine Law requires government transparency, but some information can be restricted. Contact county recorders to request redaction of sensitive information from recorded documents where permitted (such as Social Security numbers from improperly filed documents). For real property records, Missouri law doesn't generally allow removal of legitimate recorded documents, but you can file a request with your county recorder's office to redact Social Security numbers under RSMo § 59.319. Contact the Missouri State Highway Patrol to correct errors in criminal history records.
Step 5: Protect Future Information
When recording documents with county recorders, use a PO Box or attorney's address rather than your home address where legally permissible. Register with the Missouri Address Confidentiality Program if you're a victim of domestic violence, sexual assault, or stalking (contact the Missouri Attorney General's Office at 573-751-3321). Opt out of marketing lists through the Direct Marketing Association's DMAchoice.org. Register phone numbers at donotcall.gov and opt out of prescreened credit offers at optoutprescreen.com.
Step 6: Monitor for Data Breaches
Enroll in free services that monitor for data breaches, such as Have I Been Pwned (haveibeenpwned.com). Missouri's data breach notification law requires companies to notify affected residents, but proactive monitoring provides earlier detection. Check your credit reports quarterly through AnnualCreditReport.com (you're entitled to one free report per bureau annually, but can stagger requests quarterly). Set up fraud alerts with credit bureaus if you suspect identity theft.
Step 7: Contact Relevant Missouri Agencies
For specific privacy concerns, contact these agencies: Missouri Attorney General's Consumer Protection Division (800-392-8222) for consumer privacy violations; Missouri Department of Health and Senior Services (573-751-6400) for health privacy complaints; Missouri State Highway Patrol's Criminal Records Division (573-526-6153) for criminal record corrections; and county circuit courts for expungement proceedings. Document all communications and keep copies of correspondence.
Missouri Data Breach Notification Requirements
Missouri's data breach notification law, codified in RSMo §§ 407.1500 through 407.1507, establishes specific requirements for entities that experience unauthorized access to personal information of Missouri residents. Understanding these requirements helps consumers know when they should receive notification and what protections apply.
Under RSMo § 407.1500(2), a "breach of the security of the system" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information. The definition excludes good-faith acquisition by employees or agents if the information isn't used for unlawful purposes or subject to further unauthorized disclosure.
Any person or business that "owns or licenses" personal information of Missouri residents must provide notification of breaches. This obligation extends broadly to businesses, government agencies, educational institutions, and nonprofits that maintain personal information about Missouri residents, regardless of where the entity is located. Third-party service providers (those who maintain but don't own the data) must notify the data owner of any breach, after which the owner bears responsibility for notifying affected individuals.
The notification timeline under Missouri law requires disclosure "without unreasonable delay." While the statute doesn't specify an exact number of days, RSMo § 407.1500(2) states notification must be made "as expeditiously as possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and consistent with any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system." This standard typically means notification within 30-45 days, though law enforcement investigations may justify delays if a specific written request is made.
Notification must be provided directly to affected Missouri residents and must include specific information. Under RSMo § 407.1500(4), the notice must be clear and conspicuous, written in plain language, and include: a description of the incident in general terms; the type of personal information compromised; general actions taken to protect the information from further unauthorized access; a telephone number for further information and assistance; and advice to remain vigilant by reviewing account statements and monitoring credit reports.
When a breach affects more than 1,000 Missouri residents, RSMo § 407.1500(2) requires the entity to also notify the Missouri Attorney General's office. This notification must include the same information provided to affected individuals and should be sent without unreasonable delay. Additionally, if a breach requires notification to more than 1,000 Missouri residents, the entity must notify all consumer reporting agencies of the timing, distribution, and content of the notices.
Substitute notice procedures apply when direct notification would be cost-prohibitive or the entity lacks sufficient contact information. If the cost of notification exceeds $100,000, the affected class exceeds 150,000 persons, or the entity lacks sufficient contact information, substitute notice is permitted through: conspicuous posting on the entity's website for at least 30 days; notification to major statewide media; and notification to the Attorney General's office.
Penalties for violations of Missouri's data breach notification law can be significant. The Missouri Attorney General can bring civil actions for violations under RSMo § 407.1500(7). While the statute doesn't specify a private right of action, the Attorney General has authority to seek civil penalties, injunctive relief, and other remedies under the Missouri Merchandising Practices Act. Additionally, failure to implement reasonable security measures or provide required notifications may expose entities to common law negligence claims and potential liability for damages suffered by affected individuals.
Children's Privacy in Missouri
Children's privacy receives protection through both federal laws that apply in Missouri and state-specific regulations. The federal Children's Online Privacy Protection Act (COPPA), enforced by the Federal Trade Commission, applies to operators of commercial websites and online services directed to children under 13. COPPA requires parental consent before collecting, using, or disclosing personal information from children, and mandates reasonable data security practices.
Missouri businesses and organizations operating websites or online services must comply with COPPA if they target children under 13 or have actual knowledge they're collecting information from children in that age group. COPPA compliance requires posting clear privacy policies, obtaining verifiable parental consent before collecting children's information, allowing parents to review and delete their children's information, and maintaining reasonable security for collected data. Missouri-based operators who violate COPPA face FTC enforcement actions and civil penalties up to $43,280 per violation.
Educational records in Missouri receive protection under the federal Family Educational Rights and Privacy Act (FERPA), which applies to all schools receiving federal funding. Under FERPA (20 U.S.C. § 1232g), parents have the right to inspect and review their children's education records, request corrections to inaccurate information, and control disclosure of personally identifiable information from education records. When students reach age 18 or attend postsecondary institutions, FERPA rights transfer to the students themselves.
Missouri supplements FERPA protections with state-level student privacy requirements. Under RSMo § 160.775, the Missouri Department of Elementary and Secondary Education must maintain student data in a longitudinal data system with specific privacy protections. The statute prohibits sharing individual student data with federal agencies except as required by federal law, and restricts use of Social Security numbers as student identifiers. School districts must annually notify parents of their rights regarding student data privacy.
Missouri's student privacy protections extend to prohibiting collection of certain information. RSMo § 170.051 restricts surveys, analyses, or evaluations that reveal information concerning political affiliations, mental or psychological problems, sexual behavior, illegal behavior, critical appraisals of family members, privileged relationships, religious practices, or income, unless the school obtains prior written parental consent. Parents have the right to inspect such surveys and opt their children out of participation.
The Missouri Attorney General's office provides resources for parents concerned about their children's privacy and can investigate violations of state privacy protections affecting minors. Parents should regularly discuss online safety with children, review privacy settings on social media platforms, and monitor their children's digital activities to protect privacy beyond what legal protections provide.
Frequently Asked Questions About Missouri Privacy Rights
Does Missouri have a comprehensive consumer data privacy law like California's CCPA?
No, Missouri currently does not have comprehensive consumer data privacy legislation comparable to the California Consumer Privacy Act or similar laws in Virginia, Colorado, Connecticut, and Utah. While several privacy bills have been introduced in the Missouri General Assembly in recent sessions, none have been enacted into law as of 2024. Missouri residents lack statutory rights to access, delete, or opt out of the sale of personal information held by most private businesses. However, Missouri does maintain sector-specific privacy protections, including data breach notification requirements, financial privacy regulations, and employment privacy rules. Privacy advocates continue pushing for comprehensive legislation, so Missouri residents should monitor legislative developments.
How do I obtain my criminal record in Missouri and correct errors?
To obtain your criminal record in Missouri, submit a fingerprint-based background check request to the Missouri State Highway Patrol's Criminal Justice Information Services Division. You can complete the process online through the Missouri Automated Criminal History Site (MACHS) at machs.mshp.dps.mo.gov or by mail to Missouri State Highway Patrol, CJIS Division, P.O. Box 9500, Jefferson City, MO 65102-9500. The fee is $14 for state records and $20 for FBI records. To correct errors, submit a Challenge Form (available on the MACHS website) along with supporting documentation such as court records, dismissal orders, or expungement certificates. The Highway Patrol will investigate and update records accordingly. For federal records, use the FBI's Identity History Summary Request process.
What is the Missouri Sunshine Law and how do I request public records?
The Missouri Sunshine Law (RSMo Chapter 610) is the state's open records and open meetings law, requiring governmental bodies to make most records and meetings accessible to the public. To request public records, contact the custodian of records for the relevant government agency (county clerk, city clerk, agency records officer, etc.) and describe the records you seek with reasonable specificity. While written requests aren't legally required, they're recommended for documentation. The agency must respond within three business days by either providing the records, explaining why they're exempt, or stating when they'll be available. Fees cannot exceed actual costs for searching and copying. If your request is denied, you can appeal to circuit court under RSMo § 610.027.
Can I expunge or seal my criminal record in Missouri?
Yes, Missouri law allows expungement of certain criminal records under RSMo § 610.140. Eligible offenses include: municipal ordinance violations and infractions after completion of sentence; certain misdemeanors after three years from completion of sentence; some felonies after seven to ten years (depending on the offense); and arrests that didn't result in conviction or were dismissed. You cannot expunge Class A felonies, dangerous felonies, sex offenses requiring registration, or offenses involving child victims. To petition for expungement, file in the court where your case was heard, including certified copies of your criminal record, a list of all agencies with records, and applicable filing fees. The court holds a hearing and, if granted, orders all records closed. Once expunged, you may legally deny the arrest or conviction occurred except when applying for law enforcement positions.
How quickly must companies notify me of a data breach in Missouri?
Under Missouri's data breach notification law (RSMo § 407.1500), companies must notify affected individuals "without unreasonable delay" and "as expeditiously as possible" after discovering a breach of personal information. While the statute doesn't specify an exact number of days, notification must be consistent with law enforcement needs and measures necessary to determine the breach's scope. In practice, this typically means 30-45 days, though legitimate law enforcement investigations may justify delays. Companies must also notify the Missouri Attorney General if more than 1,000 Missouri residents are affected. If you haven't received notification but suspect your information was compromised in a publicized breach, contact the company directly to inquire about your status and available protections such as credit monitoring.
What employment information can employers access about me in Missouri?
Missouri employers can access considerable employment-related information, but with important limitations. Employers can obtain criminal history records showing convictions and pending charges but not arrests that didn't result in prosecution or were dismissed (unless still pending). Expunged or sealed records should not appear and cannot legally be considered. Employers using third-party background check companies must comply with the Fair Credit Reporting Act, including obtaining written authorization and providing pre- and post-adverse action notices. Employers cannot require you to provide social media passwords or add supervisors to personal social media accounts under RSMo § 285.575. Credit reports can be obtained only with written authorization and for positions involving financial responsibility. Medical information, genetic data, and HIV status are protected and generally cannot be required. Missouri has no statewide ban-the-box law, so most employers can ask about criminal history on applications, though Columbia and Kansas City have local restrictions.
How can I remove my information from people-search websites?
Removing information from people-search websites requires opting out from each site individually, as Missouri has no law requiring data brokers to honor universal opt-out requests. Start with major sites: Spokeo (spokeo.com/optout), Whitepages (whitepages.com/suppression-requests), BeenVerified (beenverified.com/faq/opt-out), Intelius (intelius.com/optout), PeopleFinders (peoplefinders.com/manage), MyLife (mylife.com/privacy-policy), TruthFinder (truthfinder.com/opt-out), Radaris (radaris.com/control/remove), and USSearch (ussearch.com/opt-out). Each site has different procedures, typically requiring you to locate your listing, submit an opt-out form, and verify via email. The process takes 24-72 hours per site. Information may reappear as data brokers continuously acquire new data from public records, so check quarterly and resubmit opt-outs as needed. Consider using privacy services that automate opt-out submissions, though these typically charge fees.
What are my rights regarding medical records privacy in Missouri?
Missouri residents' medical records are protected by both federal HIPAA regulations and state law. Under HIPAA, you have the right to access your medical records, request corrections to inaccurate information, receive an accounting of disclosures, and request restrictions on how your information is used. Missouri law (RSMo § 191.227) provides additional protections, requiring healthcare providers to maintain confidentiality and obtain authorization before releasing records except in specific circumstances. You can request copies of your records, and providers may charge reasonable fees (typically not exceeding $22.68 for the first 10 pages and 57 cents per page thereafter, plus postage). Mental health records (RSMo § 630.140) and HIV/AIDS information (RSMo § 191.656) receive heightened protection. To file complaints about medical privacy violations, contact the Missouri Department of Health and Senior Services at 573-751-6400 or the federal Office for Civil Rights at 800-368-1019.