House Bill 5

Actions | Amendments
Last Action signed by Governor (Acts, ch. 74)
Title AN ACT relating to the safety and security of personal information held by public agencies.
Bill Documents Bill
Impact Statements Local Mandate
Bill Request Number 862
Sponsors D. Butler, S. Santoro, J. Adams, R. Adkins, J. Bell, R. Benvenuti III, K. Bratcher, T. Burch, D. Butler, J. Carney, L. Clark, H. Collins, L. Combs, T. Couch, W. Coursey, J. Crenshaw, R. Crimm, B. Damron, J. DeCesare, M. Denham, J. Donohue, M. Dossett, C. Embry Jr., J. Fischer, K. Flood, J. Glenn, D. Graham, J. Greer, K. Hall, M. Harmon, R. Heath, T. Herald, D. Horlander, R. Huff, K. Imes, J. Jenkins, J. Kay, D. Keene, K. King, M. King, A. Koenig, J. Lee, S. Lee, B. Linder, M. Marzian, D. Mayfield, T. McKee, D. Meade , R. Meeks, M. Meredith, S. Miles, C. Miller, T. Mills, B. Montell, T. Moore, D. Osborne, S. Overly, R. Palumbo, R. Quarles, M. Rader, J. Richards, S. Riggs, T. Riner, B. Rowland, A. Simpson, K. Sinnette, D. St. Onge, F. Steele, J. Stewart III, G. Stumbo, T. Thompson, J. Tilley, T. Turner, K. Upchurch, G. Watkins, J. Wayne, R. Webber, S. Westrom, A. Wuchner, B. Yonts, J. York
Summary of Original Version Create a new section of KRS Chapter 61 to define certain terms; create a new section of KRS Chapter 61 to require public agencies and nonaffiliated third parties to implement, maintain, and update security procedures and practices, including taking any appropriate corrective action to safeguard against security breaches; establish reasonable security and breach investigation procedures; include security and breach investigation procedures in contracts with nonaffiliated third parties; create a new section of KRS Chapter 61 to require public agencies that maintain personal information to notify persons impacted by security breaches; notify specified officials of security breaches; specify how to provide notice of security breaches to impacted individuals; create a new section of KRS Chapter 61 to require the Department for Libraries and Archives to establish procedures for the disposal and destruction of records that include personal information and require the legislative and judicial branches to follow Sections 1 to 4 of this Act; amend KRS 42.722 to define certain terms; amend KRS 42.726 to require the Commonwealth Office of Technology to develop a security framework relating to privacy and confidentiality of personal information and submit an annual report to the Legislative Research Commission regarding security breaches; amend KRS 42.732 to require the Commonwealth Office of Technology to receive specified advice on preventing security attacks; amend KRS 171.450 to require the Department for Libraries and Archives to establish procedures to protect against unauthorized access to personal information; amend KRS 171.680 to require public agencies to comply with the provisions of Sections 1 to 4 of this Act.
Index Headings of Original Version Legislative Research Commission - Security, breach investigation procedures, development of
State Agencies - Security, breach investigation procedures, development of
Information Technology - Personal information, security breaches, prevention, notification of
Archives and Records - Personal information, appropriate disposal
Attorney General - Security breaches, receive notification of
Auditor of Public Accounts - Security breaches, receive notification of
Local Mandate - Security, breach investigation procedures, development of
Proposed Amendments House Committee Substitute 1
Senate Committee Substitute 1
Votes Vote History

Actions

Top | Amendments
01/09/14
  • introduced in House
01/13/14
  • to State Government (H)
01/21/14
  • posted in committee
01/23/14
  • reported favorably, 1st reading, to Consent Calendar with Committee Substitute
01/24/14
  • 2nd reading, to Rules
01/28/14
  • taken from Rules (H)
  • placed in the Consent Orders of the Day for Thursday, January 30, 2014
01/30/14
  • 3rd reading, passed 100-0 with Committee Substitute
01/31/14
  • received in Senate
02/04/14
  • to State & Local Government (S)
03/18/14
  • reported favorably, 1st reading, to Consent Calendar with Committee Substitute
03/19/14
  • 2nd reading, to Rules
03/20/14
  • posted for passage in the Consent Orders of the Day for Friday, March 21, 2014
03/21/14
  • 3rd reading, passed 38-0 with Committee Substitute
03/24/14
  • received in House
  • to Rules (H)
03/27/14
  • taken from Rules
  • posted for passage for concurrence in Senate Committee Substitute
03/28/14
  • House concurred in Senate Committee Substitute
  • passed 97-0
03/31/14
  • enrolled, signed by each presiding officer
  • delivered to Governor
04/10/14
  • signed by Governor (Acts, ch. 74)

Proposed Amendments

Top | Actions
Amendment House Committee Substitute 1
Impact Statements Local Mandate
Summary Retain original provisions, except: require the Department for Local Government to consult with public entities in development of security and breach investigation procedures for local governments; require the Commonwealth Office of Technology to make available technical assistance for the establishment of security and breach investigation procedures upon request of an agency; require agencies to notify appropriate entities when investigation reveals misuse of personal information has not occurred; declare that provisions of the Act do not impact the Open Records Act; make the Act effective January 1, 2015.
Index Headings Legislative Research Commission - Security, breach investigation procedures, development of
State Agencies - Security, breach investigation procedures, development of
Information Technology - Personal information, security breaches, prevention, notification of
Archives and Records - Personal information, appropriate disposal
Attorney General - Security breaches, receive notification of
Auditor of Public Accounts - Security breaches, receive notification of
Local Mandate - Security, breach investigation procedures, development of

Amendment Senate Committee Substitute 1
Summary Retain original provisions, except: make technical corrections; define "individually identifiable health information"; define "nonaffiliated third party" to include persons who have a contract or agreement with an agency and receive personal information under that contract or agreement, but are not necessarily providing services or resources; define "security breach" to include nonaffiliated third parties and consider likelihood of harm to individuals; make Kentucky Board of Education agency responsible for implementing security and breach investigation procedures for public school districts; delete language requiring notification of additional requirements beyond those required under this bill; allow nonaffiliated third parties and agencies 72 hours for security breach notification instead of 24 hours; prohibit private right of action; effective January 1, 2015.
Index Headings Legislative Research Commission - Security, breach investigation procedures, development of
State Agencies - Security, breach investigation procedures, development of
Information Technology - Personal information, security breaches, prevention, notification of
Archives and Records - Personal information, appropriate disposal
Attorney General - Security breaches, receive notification of
Auditor of Public Accounts - Security breaches, receive notification of
Local Mandate - Security, breach investigation procedures, development of

Last updated: 1/16/2019 3:18 PM (EST)