Kentucky
Privacy Laws
Overview
BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable delay
FINES & PENALTIES – Violations
Up to $2,000
Regulation Levels
-
Breach Reporting
-
Consumer Notification
-
Vendor Management
-
Vendor Contract Required
PRIVACY AND SECURITY LAWS
Laws related to personal information and privacy and security.
Breach Reporting
Required
Vendor Obligations
Required
Consumer Notification
Required
Vendor Contracts
Not Required
Vendor Notification
Required
Privacy Program
Required
QUICK FACTS
Kentucky Privacy Law Information
Organizations and Vendors in the business of destroying records must have measures in place for the secure destruction of records containing personal information so the records are unreadable or indecipherable.
If notification is required for more than 1,000 consumers, the breached Organization must also notify all consumer reporting agencies and credit bureaus.
Breach notification without delay must be given to any resident of Kentucky affected by a breach that includes personal information.
Vendors must notify Organizations as soon as possible after the discovery of a breach or suspected breach. The Organization will be responsible to complete any required regulatory reporting and consumer notification.
Additional requirements may apply to student data and cloud computing service providers.
Organizations may be fined or penalized for Vendor violations. Consumers may bring an action to recover damages for violations of the data destruction requirements.
Kentucky Statutes and Laws
Definitions
Destruction of customer’s records containing personally identifiable information
Civil action for damages or injunction for violation of KRS 365.725
Notification to affected persons of computer security breach involving their unencrypted personally identifiable information
Student data and cloud computing service providers
DISCLAIMER
The information provided is not legal guidance or recommendations and are for informational purposes only.