Kentucky Enacts Data Breach Notification Laws

On April 10, 2014, Kentucky became the 47th state to enact data breach notification laws. The new Kentucky law applies to “Information Holder[s],” defined as a persons or business entities that conduct business in Kentucky, including both those that own the personal information they maintain and those that maintain personal information for third parties.

The new law requires notification of the affected class of a data beach “in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement”.  While the new law does not require notice to the Kentucky Attorney General or other any other state regulator, it does require notification to the consumer reporting agencies, again, “without unreasonable delay” if more than 1,000 Kentucky residents are impacted.

Now that Kentucky has joined the rest of the Union, can New Mexico, South Dakota and Alabama be far behind?



Topics:  Breach Notification Rule, Data Breach, Personally Identifiable Information, Third-Party

Published In: Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Traub Lieberman Straus & Shrewsberry LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »