House Bill 188

Actions
Last Action to Banking & Insurance (H)
Title AN ACT relating to the security of personal information and declaring an emergency.
Bill Documents Introduced
Bill Request Number 1020
Sponsors R. Meeks, M. Marzian, A. Scott, S. Westrom
Summary of Original Version Amend KRS 367.363 to include additional definitions; amend KRS 367.3645 to provide for a free security freeze in the event a protected person has been notified of a security breach pursuant to the Act or has been notified of a free security freeze, and to make technical corrections; amend KRS 367.365 to require consumer reporting agencies to encrypt electronic data contained in consumer files and consumer reports; allow for security freezes to be requested by methods established by the consumer reporting agency; allow consumers to request a replacement personal identification number or password in the same manner as the original security freeze request; remove the expiration of a credit freeze after seven years; include gender-neutral language; to prohibit a credit reporting agency from charging a fee for security freeze in the event a consumer has been notified of a security breach or of a free security freeze; require that consumer reporting agencies notify consumers of security breaches in compliance with KRS 365.732(4) to (7) and provide five years of credit monitoring; allow for a security freeze placed at one nationwide consumer reporting agency to be sent and applied to other nationwide consumer reporting agencies; require third-party agents to notify consumer reporting agencies of security breaches; require consumer reporting agencies to comply with KRS 365.732(3); prohibit requirements that consumers waive rights or submit to arbitration; amend KRS 365.730 to extend definitions to KRS 365.732; to conform the definition of "personally identifiable information"; amend KRS 365.732 to define "encrypt" and "security breach"; provide an exemption for consumer reporting agencies subject to this Act; prohibit electronic or substitute notice from being sent to electronic and email accounts involved in the security breach; provide for the request for three consumer reports from each nationwide consumer reporting agency by consumers affected by a security breach; prohibit requirements that consumers waive rights or submit to arbitration; require certain information holders to encrypt personally identifiable data; make technical corrections; amend KRS 61.931 to exempt certain persons from the definition of "nonaffiliated third parties"; conform the definition of "personally identifiable information"; make technical corrections; amend KRS 61.932, KRS 61.933, 61.934,171.450, 42.722, and 42.726 to conform; EMERGENCY.
Index Headings of Original Version Commerce - Consumer reporting agencies, data encryption, requirements for
Commerce - Consumer reporting agencies, security breach, requirements for
Commerce - Credit freeze expiration, removal of
Commerce - Information holders, electronic or substitute notice, requirements for
Consumer Affairs - Consumer reporting agencies, data encryption, requirements for
Consumer Affairs - Consumer reporting agencies, free credit freeze by, providing for
Consumer Affairs - Consumer reporting agencies, security breach, requirements for
Consumer Affairs - Credit freeze expiration, removal of
Consumer Affairs - Credit freeze, method of requesting
Effective Dates, Emergency - Consumer reporting agencies, cybersecurity, requirements for
Effective Dates, Emergency - Credit freeze expiration, removal of
State Agencies - Personally identifiable information security law, technical corrections to
Technology - Consumer reporting agencies, data encryption, requirements for

Actions

Top
01/11/18
  • introduced in House
01/17/18
  • to Banking & Insurance (H)


Last updated: 1/16/2019 3:00 PM (EST)