TRENDING:

Ky. Lawmakers Unveil Breach Notification Bill

Kentucky One of Four States Without Breach Notice Law Eric Chabrow (GovInfoSecurity) • January 15, 2014    
Ky. Lawmakers Unveil Breach Notification Bill
Kentucky Public Auditor Adam Edelen

Kentucky lawmakers have introduced legislation that, if enacted, would make the Bluegrass State the 47th state to have a data breach notification law on its books.

See Also: JavaScript and Blockchain: Technologies You Can't Ignore

The legislation, House Bill 5, would only apply to breaches targeting state and local government computers as well as IT systems of other state-supported entities, such as public schools. It would not apply to businesses.

Adam Edelen, the elected state auditor of public accounts, says in an interview with Information Security Media Group that legislative support for a data breach notification law to include business doesn't exist among most Kentucky lawmakers (see Breach Law: Kentucky the 47th State?).

But Edelen suggests enacting a notification law for public agencies to report data breaches could spur lawmakers eventually to enact a broader bill to cover businesses. "It's very important that the public sector model the behavior," he said. " ... Government has the opportunity to demonstrate that [data breach notification] works, it's not onerous and could serve as a model of behavior for businesses."

Bill's Provisions

The bill would require affected agencies to notify the state police, public auditor and attorney general within 24 hours of discovery of a security breach. It also would require affected agencies to conduct a reasonable and prompt investigation after a breach is discovered.

The legislation would oblige targeted agencies to notify appropriate government authorities if personally identifiable information was misused within 48 hours and individuals whose personal data were exposed within 35 days of the completion of the investigation into a breach.

In addition, the bill would require the state to report to national consumer reporting agencies a breach in which the PII of 1,000 or ore individuals was exposed.

House Bill 5 has 60 House sponsors from both political parties.

"This is an opportunity to bring increased focus on what is an incredibly important policy area, and that's the issue of privacy, by making sure that the people who support our government are protected," says Edelen, the bill's chief advocate. "I think it's a critical component of good government."

The three other states without a data breach notification law are Alabama, New Mexico and South Carolina.

Previous
Target Invests in Security Education
Next
Breach Notification Bills Pile Up in Senate

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Stopping Cloud Workload Attacks
Stopping Cloud Workload Attacks
Israel-Hamas War: 'We All Know Someone That Lost Someone'
Israel-Hamas War: 'We All Know Someone That Lost Someone'
Mapping the Unseen Vulnerabilities of Zombie APIs
Mapping the Unseen Vulnerabilities of Zombie APIs
Supporting CISA - The 'Focal Point of Our Defensive Efforts'
Supporting CISA - The 'Focal Point of Our Defensive Efforts'
How a CEO Runs a Company in Wartime
How a CEO Runs a Company in Wartime
Why Hospitals Should Beware of Malicious AI Use
Why Hospitals Should Beware of Malicious AI Use
Mapping Access - and Attack - Paths in Active Directory
Mapping Access - and Attack - Paths in Active Directory
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Good Governance: 'It's All Hygiene'
Good Governance: 'It's All Hygiene'
How Biden's AI Executive Order Will Affect Healthcare
How Biden's AI Executive Order Will Affect Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.