State Data Privacy Resources

Kentucky Data Breach Laws

Public Agencies and Non-Affiliated Third Parties:

  • KRS 61.931 Definitions, click here.
  • KRS 61.932 Personal information security and breach investigation procedures and practices for certain public agencies and nonaffiliated third parties, click here.
  • KRS 61.933 Notification of personal information security breach – Investigation – Notice to affected individuals of result of investigation – Personal information not subject to requirements – Injunctive relief by Attorney General, click here.
  • KRS 61.934 Personal information security and breach investigation procedures and practices for legislative and judicial branches — Personal information disposal or destruction procedures, click here.
  • Commonwealth of Kentucky, Protection of Personal Information, Security and Incident Investigation Procedures and Practices for Local Governmental Units, Policy Number DLG-PPI 100, click here.
  • Commonwealth of Kentucky Memo on Personal Security Information, January 9, 2015, click here.
  • KRS 171.450 Department procedures and regulations (including disposal and destruction of public records), click here.

Kentucky Commonwealth Office of Technology (to report on security breaches under KRS 61.932)

  • KRS 42.722 Definitions for KRS 42.720 to 42.742, click here.
  • KRS 42.724 Commonwealth Office of Technology, click here.
  • KRS 42.726 Roles, duties, and permissible activities for Commonwealth Office of Technology — Duties of Archives and Records Commission and Department for Libraries and Archives not affected — Annual report concerning security breaches, click here.
  • KRS 42.732 Kentucky Information Technology Advisory Council — Purposes – Members, click here.

Any “Information Holder” as defined by KY law:

  • KRS 365.732 Notification to affected persons of computer security breach involving their unencrypted personally identifiable information, click here.
  • KRS 365.734 Prohibited uses of personally identifiable student information by cloud computing service provider — Administrative regulation, click here.

 

Indiana Data Breach Laws

[This section is still under development with links to relevant law to come . . . stay tuned!]

 

Mississippi Data Breach Laws

[This section is still under development with links to relevant law to come . . . stay tuned!]

 

Tennessee Data Breach Laws

[This section is still under development with links to relevant law to come . . . stay tuned!]