Kentucky is the 47th state, along with the District of Columbia, Guam, Puerto Rico and the Virgin Islands, to enact a data breach notification law requiring business entities to notify individuals of security breaches involving personally identifiable information. Kentucky’s law also aims to protect student data by imposing new limits on cloud service providers.
House Bill 232, signed into law by Governor Steve Beshear earlier this month, requires any entity transacting business in Kentucky that reasonably believes a data breach has caused or will cause identity theft or fraud to notify all affected Kentucky residents whose personally identifiable information is or may be compromised. The Kentucky law defines personally identifiable information as “an individual’s first name or first initial and last name” in combination with one of the following three elements: (1) Social Security number; (2) driver’s license number; (3) account number, credit or debit number, in combination with any required security code, access code, or password permit access to an individual’s financial account.
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.
Topics: Breach Notification Rule, Cloud-Based Services, Data Breach, Personally Identifiable Information, Students
Published In: General Business Updates, Consumer Protection Updates, Education Updates, Privacy Updates, Science, Computers & Technology Updates
DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© King & Spalding | Attorney Advertising