July 2, 2020

Volume X, Number 184

July 01, 2020

Subscribe to Latest Legal News and Analysis

June 30, 2020

Subscribe to Latest Legal News and Analysis

June 29, 2020

Subscribe to Latest Legal News and Analysis

Kentucky Becomes 47th State with a Data Breach Notification Law

On April 10, 2014, Kentucky became the 47th state to enact breach notification legislation.  Under the new law, companies that conduct business in Kentucky and hold consumer data of Kentucky residents will now be required to disclose data breaches involving the unauthorized acquisition of unencrypted computerized data of Kentucky residents.  Companies must disclose the breach in the “most expedient time possible” and “without unreasonable delay” to any state resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.

The Kentucky law is similar to many other state breach notification laws.  For example, the Kentucky law defines “personal information” as an individual’s first name or first initial and last name in combination with either their Social Security number; driver’s license number; or account, credit or debit card number in combination with any required security or access code.  In addition, the legislation permits companies to provide notification in written or electronic form, through email, through major statewide media or by posting an alert on their website, and allows for the delay of notification if a law enforcement agency determines the action will impede its criminal investigation.

Notably, the law does not require notification to the state attorney general, but does require that notification be given to consumer reporting agencies and credit bureaus if the breach affects more than 1,000 individuals.

Now that Kentucky has a data breach notification law, just Alabama, New Mexico and South Dakota remain as the three states that still do not have a comprehensive notification law outside of the public sector.

© 2020 McDermott Will & EmeryNational Law Review, Volume IV, Number 105


About this Author

Our e-Business Group is composed of lawyers in the Firm's various offices and departments around the world. The Group is led by a core team of full-time technology transaction and e-business lawyers with historic practices in this area. Given the international scope and broad range of legal issues involved in important technology transactions and online trade, McDermott Will & Emery's breadth ensures that clients have access to leading-edge advice in any of the areas pertinent to the actual or proposed transaction or activity.

Lawyers in our...

305 347 6556