| Last Action | 01/17/18: to Banking & Insurance (H) |
|---|---|
| Title | AN ACT relating to the security of personal information and declaring an emergency. |
| Bill Documents | Introduced |
| Bill Request Number | 1020 |
| Sponsors | R. Meeks, M. Marzian, A. Scott, S. Westrom |
| Summary of Original Version | Amend KRS 367.363 to include additional definitions; amend KRS 367.3645 to provide for a free security freeze in the event a protected person has been notified of a security breach pursuant to the Act or has been notified of a free security freeze, and to make technical corrections; amend KRS 367.365 to require consumer reporting agencies to encrypt electronic data contained in consumer files and consumer reports; allow for security freezes to be requested by methods established by the consumer reporting agency; allow consumers to request a replacement personal identification number or password in the same manner as the original security freeze request; remove the expiration of a credit freeze after seven years; include gender-neutral language; to prohibit a credit reporting agency from charging a fee for security freeze in the event a consumer has been notified of a security breach or of a free security freeze; require that consumer reporting agencies notify consumers of security breaches in compliance with KRS 365.732(4) to (7) and provide five years of credit monitoring; allow for a security freeze placed at one nationwide consumer reporting agency to be sent and applied to other nationwide consumer reporting agencies; require third-party agents to notify consumer reporting agencies of security breaches; require consumer reporting agencies to comply with KRS 365.732(3); prohibit requirements that consumers waive rights or submit to arbitration; amend KRS 365.730 to extend definitions to KRS 365.732; to conform the definition of "personally identifiable information"; amend KRS 365.732 to define "encrypt" and "security breach"; provide an exemption for consumer reporting agencies subject to this Act; prohibit electronic or substitute notice from being sent to electronic and email accounts involved in the security breach; provide for the request for three consumer reports from each nationwide consumer reporting agency by consumers affected by a security breach; prohibit requirements that consumers waive rights or submit to arbitration; require certain information holders to encrypt personally identifiable data; make technical corrections; amend KRS 61.931 to exempt certain persons from the definition of "nonaffiliated third parties"; conform the definition of "personally identifiable information"; make technical corrections; amend KRS 61.932, KRS 61.933, 61.934,171.450, 42.722, and 42.726 to conform; EMERGENCY. |
| Index Headings of Original Version |
Commerce - Consumer reporting agencies, data encryption, requirements for Commerce - Consumer reporting agencies, security breach, requirements for Commerce - Credit freeze expiration, removal of Commerce - Information holders, electronic or substitute notice, requirements for Consumer Affairs - Consumer reporting agencies, data encryption, requirements for Consumer Affairs - Consumer reporting agencies, free credit freeze by, providing for Consumer Affairs - Consumer reporting agencies, security breach, requirements for Consumer Affairs - Credit freeze expiration, removal of Consumer Affairs - Credit freeze, method of requesting Effective Dates, Emergency - Consumer reporting agencies, cybersecurity, requirements for Effective Dates, Emergency - Credit freeze expiration, removal of State Agencies - Personally identifiable information security law, technical corrections to Technology - Consumer reporting agencies, data encryption, requirements for |
| 01/11/18 |
|
|---|---|
| 01/17/18 |
|
Last updated: 9/1/2020 2:57 PM (EDT)
To receive notice when the record is updated follow @LRCTweetBot. @LRCTweetBot