| Last Action | to Economic Development, Tourism, and Labor (S) |
|---|---|
| Title | AN ACT relating to the security of personal information and declaring an emergency. |
| Bill Documents | Introduced |
| Bill Request Number | 1311 |
| Sponsors | M. McGarvey, R. Alvarado, W. Westerfield |
| Summary of Original Version | Amend KRS 367.363 to include additional definitions; amend KRS 367.3645 to provide for a free security freeze in the event a protected person has been notified of a security breach and to make technical corrections; amend KRS 367.365 to require consumer reporting agencies to encrypt electronic data contained in consumer files and consumer reports; allow for security freezes to be requested by methods established by the consumer reporting agency; allow consumers to request a replacement personal identification number or password in the same manner as the original security freeze request; remove the expiration of a credit freeze after seven years; include gender-neutral language; prohibit a credit reporting agency from charging a fee for security freeze in the event a consumer has been notified of a security breach; require that consumer reporting agencies notify consumers of security breaches in compliance with KRS 365.732(4) to (7) and provide three years of credit monitoring; allow for a security freeze, temporary lift, or removal request placed at one nationwide consumer reporting agency to be sent and applied to other nationwide consumer reporting agencies; require third-party agents to notify consumer reporting agencies of security breaches; require consumer reporting agencies to comply with KRS 365.732(3); prohibit requirements that consumers waive rights or submit to arbitration; amend KRS 365.732 to define "encrypt," "personally identifiable information," and "security breach"; provide an exemption for consumer reporting agencies subject to this Act; prohibit electronic or substitute notice from being sent to electronic and e-mail accounts involved in the security breach; provide for the request of one consumer report from each nationwide consumer reporting agency by consumers affected by a security breach; prohibit requirements that consumers waive rights or submit to arbitration; require certain information holders to encrypt personally identifiable data; make technical corrections; amend KRS 61.931 to include exemption for certain persons from the definition of "nonaffiliated third parties"; conform the definition of "personally identifiable information"; make technical corrections; amend KRS 61.932, 61.933, 61.934, 171.450, 42.722, and 42.726 to conform; EMERGENCY. |
| Index Headings of Original Version |
Commerce - Consumer reporting agencies, data encryption, requirements for Commerce - Consumer reporting agencies, security breach, requirements for Commerce - Credit freeze expiration, removal of Commerce - Information holders, electronic or substitute notice, requirements for Consumer Affairs - Consumer reporting agencies, data encryption, requirements for Consumer Affairs - Consumer reporting agencies, free credit freeze by, providing for Consumer Affairs - Consumer reporting agencies, security breach, requirements for Consumer Affairs - Credit freeze expiration, removal of Consumer Affairs - Credit freeze, method of requesting Effective Dates, Emergency - Consumer reporting agencies, cybersecurity, requirements for Effective Dates, Emergency - Credit freeze expiration, removal of Technology - Consumer reporting agencies, data encryption, requirements for |
| 03/01/18 |
|
|---|---|
| 03/05/18 |
|
Last updated: 1/16/2019 3:00 PM (EST)