Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

Kentucky
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable delay

FINES & PENALTIES – Violations
Up to $2,000

Legal

Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

Kentucky Privacy Law Information

PRIVACY PROGRAM

Organizations and Vendors in the business of destroying records must have measures in place for the secure destruction of records containing personal information so the records are unreadable or indecipherable.

BREACH REPORTING

If notification is required for more than 1,000 consumers, the breached Organization must also notify all consumer reporting agencies and credit bureaus.

CONSUMER NOTIFICATION

Breach notification without delay must be given to any resident of Kentucky affected by a breach that includes personal information.

VENDOR/THIRD PARTIES

Vendors must notify Organizations as soon as possible after the discovery of a breach or suspected breach. The Organization will be responsible to complete any required regulatory reporting and consumer notification.

INDUSTRY SPECIFIC LAWS

Additional requirements may apply to student data and cloud computing service providers.

FINES & PENALTIES

Organizations may be fined or penalized for Vendor violations. Consumers may bring an action to recover damages for violations of the data destruction requirements.

Kentucky Statutes and Laws

KY REV STAT § 365.720

Definitions

KY REV STAT § 365.725

Destruction of customer’s records containing personally identifiable information

KY REV STAT § 365.730

Civil action for damages or injunction for violation of KRS 365.725

KY REV STAT § 365.732

Notification to affected persons of computer security breach involving their unencrypted personally identifiable information

KY REV STAT § 365.734

Student data and cloud computing service providers

DISCLAIMER

The information provided is not legal guidance or recommendations and are for informational purposes only.