Last Action | signed by Governor (Acts, ch. 74) |
---|---|
Title | AN ACT relating to the safety and security of personal information held by public agencies. |
Bill Documents |
Bill
|
Impact Statements | Local Mandate |
Bill Request Number | 862 |
Sponsors | D. Butler, S. Santoro, J. Adams, R. Adkins, J. Bell, R. Benvenuti III, K. Bratcher, T. Burch, D. Butler, J. Carney, L. Clark, H. Collins, L. Combs, T. Couch, W. Coursey, J. Crenshaw, R. Crimm, B. Damron, J. DeCesare, M. Denham, J. Donohue, M. Dossett, C. Embry Jr., J. Fischer, K. Flood, J. Glenn, D. Graham, J. Greer, K. Hall, M. Harmon, R. Heath, T. Herald, D. Horlander, R. Huff, K. Imes, J. Jenkins, J. Kay, D. Keene, K. King, M. King, A. Koenig, J. Lee, S. Lee, B. Linder, M. Marzian, D. Mayfield, T. McKee, D. Meade , R. Meeks, M. Meredith, S. Miles, C. Miller, T. Mills, B. Montell, T. Moore, D. Osborne, S. Overly, R. Palumbo, R. Quarles, M. Rader, J. Richards, S. Riggs, T. Riner, B. Rowland, A. Simpson, K. Sinnette, D. St. Onge, F. Steele, J. Stewart III, G. Stumbo, T. Thompson, J. Tilley, T. Turner, K. Upchurch, G. Watkins, J. Wayne, R. Webber, S. Westrom, A. Wuchner, B. Yonts, J. York |
Summary of Original Version | Create a new section of KRS Chapter 61 to define certain terms; create a new section of KRS Chapter 61 to require public agencies and nonaffiliated third parties to implement, maintain, and update security procedures and practices, including taking any appropriate corrective action to safeguard against security breaches; establish reasonable security and breach investigation procedures; include security and breach investigation procedures in contracts with nonaffiliated third parties; create a new section of KRS Chapter 61 to require public agencies that maintain personal information to notify persons impacted by security breaches; notify specified officials of security breaches; specify how to provide notice of security breaches to impacted individuals; create a new section of KRS Chapter 61 to require the Department for Libraries and Archives to establish procedures for the disposal and destruction of records that include personal information and require the legislative and judicial branches to follow Sections 1 to 4 of this Act; amend KRS 42.722 to define certain terms; amend KRS 42.726 to require the Commonwealth Office of Technology to develop a security framework relating to privacy and confidentiality of personal information and submit an annual report to the Legislative Research Commission regarding security breaches; amend KRS 42.732 to require the Commonwealth Office of Technology to receive specified advice on preventing security attacks; amend KRS 171.450 to require the Department for Libraries and Archives to establish procedures to protect against unauthorized access to personal information; amend KRS 171.680 to require public agencies to comply with the provisions of Sections 1 to 4 of this Act. |
Index Headings of Original Version |
Legislative Research Commission - Security, breach investigation procedures, development of State Agencies - Security, breach investigation procedures, development of Information Technology - Personal information, security breaches, prevention, notification of Archives and Records - Personal information, appropriate disposal Attorney General - Security breaches, receive notification of Auditor of Public Accounts - Security breaches, receive notification of Local Mandate - Security, breach investigation procedures, development of |
Proposed Amendments |
House Committee Substitute 1 Senate Committee Substitute 1 |
Votes | Vote History |
01/09/14 |
|
---|---|
01/13/14 |
|
01/21/14 |
|
01/23/14 |
|
01/24/14 |
|
01/28/14 |
|
01/30/14 |
|
01/31/14 |
|
02/04/14 |
|
03/18/14 |
|
03/19/14 |
|
03/20/14 |
|
03/21/14 |
|
03/24/14 |
|
03/27/14 |
|
03/28/14 |
|
03/31/14 |
|
04/10/14 |
|
Amendment | House Committee Substitute 1 |
---|---|
Impact Statements | Local Mandate |
Summary | Retain original provisions, except: require the Department for Local Government to consult with public entities in development of security and breach investigation procedures for local governments; require the Commonwealth Office of Technology to make available technical assistance for the establishment of security and breach investigation procedures upon request of an agency; require agencies to notify appropriate entities when investigation reveals misuse of personal information has not occurred; declare that provisions of the Act do not impact the Open Records Act; make the Act effective January 1, 2015. |
Index Headings |
Legislative Research Commission - Security, breach investigation procedures, development of State Agencies - Security, breach investigation procedures, development of Information Technology - Personal information, security breaches, prevention, notification of Archives and Records - Personal information, appropriate disposal Attorney General - Security breaches, receive notification of Auditor of Public Accounts - Security breaches, receive notification of Local Mandate - Security, breach investigation procedures, development of |
Amendment | Senate Committee Substitute 1 |
---|---|
Summary | Retain original provisions, except: make technical corrections; define "individually identifiable health information"; define "nonaffiliated third party" to include persons who have a contract or agreement with an agency and receive personal information under that contract or agreement, but are not necessarily providing services or resources; define "security breach" to include nonaffiliated third parties and consider likelihood of harm to individuals; make Kentucky Board of Education agency responsible for implementing security and breach investigation procedures for public school districts; delete language requiring notification of additional requirements beyond those required under this bill; allow nonaffiliated third parties and agencies 72 hours for security breach notification instead of 24 hours; prohibit private right of action; effective January 1, 2015. |
Index Headings |
Legislative Research Commission - Security, breach investigation procedures, development of State Agencies - Security, breach investigation procedures, development of Information Technology - Personal information, security breaches, prevention, notification of Archives and Records - Personal information, appropriate disposal Attorney General - Security breaches, receive notification of Auditor of Public Accounts - Security breaches, receive notification of Local Mandate - Security, breach investigation procedures, development of |
Last updated: 8/27/2019 6:52 PM (EDT)