Senate Bill 248

Actions
Last Action to Economic Development, Tourism, and Labor (S)
Title AN ACT relating to the security of personal information and declaring an emergency.
Bill Documents Introduced
Bill Request Number 1311
Sponsors M. McGarvey, R. Alvarado, W. Westerfield
Summary of Original Version Amend KRS 367.363 to include additional definitions; amend KRS 367.3645 to provide for a free security freeze in the event a protected person has been notified of a security breach and to make technical corrections; amend KRS 367.365 to require consumer reporting agencies to encrypt electronic data contained in consumer files and consumer reports; allow for security freezes to be requested by methods established by the consumer reporting agency; allow consumers to request a replacement personal identification number or password in the same manner as the original security freeze request; remove the expiration of a credit freeze after seven years; include gender-neutral language; prohibit a credit reporting agency from charging a fee for security freeze in the event a consumer has been notified of a security breach; require that consumer reporting agencies notify consumers of security breaches in compliance with KRS 365.732(4) to (7) and provide three years of credit monitoring; allow for a security freeze, temporary lift, or removal request placed at one nationwide consumer reporting agency to be sent and applied to other nationwide consumer reporting agencies; require third-party agents to notify consumer reporting agencies of security breaches; require consumer reporting agencies to comply with KRS 365.732(3); prohibit requirements that consumers waive rights or submit to arbitration; amend KRS 365.732 to define "encrypt," "personally identifiable information," and "security breach"; provide an exemption for consumer reporting agencies subject to this Act; prohibit electronic or substitute notice from being sent to electronic and e-mail accounts involved in the security breach; provide for the request of one consumer report from each nationwide consumer reporting agency by consumers affected by a security breach; prohibit requirements that consumers waive rights or submit to arbitration; require certain information holders to encrypt personally identifiable data; make technical corrections; amend KRS 61.931 to include exemption for certain persons from the definition of "nonaffiliated third parties"; conform the definition of "personally identifiable information"; make technical corrections; amend KRS 61.932, 61.933, 61.934, 171.450, 42.722, and 42.726 to conform; EMERGENCY.
Index Headings of Original Version Commerce - Consumer reporting agencies, data encryption, requirements for
Commerce - Consumer reporting agencies, security breach, requirements for
Commerce - Credit freeze expiration, removal of
Commerce - Information holders, electronic or substitute notice, requirements for
Consumer Affairs - Consumer reporting agencies, data encryption, requirements for
Consumer Affairs - Consumer reporting agencies, free credit freeze by, providing for
Consumer Affairs - Consumer reporting agencies, security breach, requirements for
Consumer Affairs - Credit freeze expiration, removal of
Consumer Affairs - Credit freeze, method of requesting
Effective Dates, Emergency - Consumer reporting agencies, cybersecurity, requirements for
Effective Dates, Emergency - Credit freeze expiration, removal of
Technology - Consumer reporting agencies, data encryption, requirements for

Actions

Top
03/01/18
  • introduced in Senate
03/05/18
  • to Economic Development, Tourism, and Labor (S)


Last updated: 1/16/2019 3:00 PM (EST)