Kentucky Privacy Laws

Breach Notification

Mandated Timeframe

Without unreasonable delay

Fines & Penalties

Violations

Up to $2,000

REGULATION LEVELS

Breach Reporting, Consumer Notifications, Vendor Management, Vendor Contract Required

LEVEL DESCRIPTION

Minimal, Basic, Comprehensive, Extensive

LAWS RELATED TO PERSONAL INFORMATION

Regulated Breach Reporting

Breach Reporting Requirements

Consumer Notification Requirements

Vendor Notification of Breach

Vendor Requirements

Vendor Specific Obligations

Vendor Mandated Contracts

Privacy Program Requirements

Protection/Security

Employee Training

Vendor Protection/Security Program

Personal Information Protection

Data Disposal of Personal Information

Quick Facts

Kentucky Privacy Law Information

  • Privacy Program

    Organizations and Vendors in the business of destroying records must have measures in place for the secure destruction of records containing personal information so the records are unreadable or indecipherable.

  • Breach Reporting

    If notification is required for more than 1,000 consumers, the breached Organization must also notify all consumer reporting agencies and credit bureaus.

  • Consumer Notification

    Any resident of Kentucky affected by a breach that includes personal information must be notified without delay.

  • Vendor/Third Parties

    Vendors must notify Organizations as soon as possible after the discovery of a breach or suspected breach. The Organization is responsible for completing any required regulatory reporting and consumer notification.

  • Industry Specific Laws

    Additional requirements may apply to student data and cloud computing service providers.

  • Fines & Penalties

    Organizations may be fined or penalized for Vendor violations. Consumers may bring an action to recover damages for violations of the data destruction requirements.

Kentucky

Statutes and Laws

KY REV STAT § 365.725

Destruction of customer’s records containing personally identifiable information

KY REV STAT § 365.730

Civil action for damages or injunction for violation of KRS 365.725

KY REV STAT § 365.732

Notification to affected persons of computer security breach involving their unencrypted personally identifiable information

KY REV STAT § 365.734

Student data and cloud computing service providers