Kentucky is now the 47th state to enact a data breach notification law.
Identity Theft/Fraud Trigger
The bill was signed into law by Governor Steve Beshear earlier this month and requires notification following an event “that actually causes, or leads the information holder to reasonably believe has caused or will cause, identity theft or fraud. Kentucky’s law defines “personally identifiable information” as an individual’s first name or first initial and last name in combination with any one or more of the following data elements (when not redacted):
- DL numbers
- Account number, credit or debit number, in combination with any required security code, access code or password permit[ing]access to an individual’s financial account.
The statute specifies that any “information holder” shall disclose any breach of the security system following discovery or notification of the breach in the security of the data, to any resident of Kentucky whose unencrypted personal information was, or is reasonably believed to have been, acquired by an authorized person. The statute states disclosure “shall be made in the most expedient time possible…consistent with the legitimate needs of law enforcement.” The notification provisions shall not apply to any person subject to the provisions of Gramm-Leach Bliley, HIPAA or any state or local governmental agency.
In addition, the statute requires express parental permission for a cloud computing service provider to process student data, for any purpose other than for providing, improving, developing, or maintaining the integrity of the cloud computing services (or if done connection with educational research, per federal statute).
The state auditor had promoted enacting such legislation and released a report stating:
“Although auditors didn’t identify any cyber security breaches, they did find instances of state agencies failing to take the necessary steps to protect confidential or sensitive information,” Auditor Edelen said. “This further illustrates the need for legislation to incentivize state and local government to better secure the data it holds on us, as well as require them to notify us when it’s
lost or stolen.”
Just in time for the 140th “Run for the Roses”
My Old Kentucky Home by Stephen Foster
The sun shines bright in My Old Kentucky Home,
‘Tis summer, the people are gay;
The corn-top’s ripe and the meadow’s in the bloom
While the birds make music all the day.
The young folks roll on the little cabin floor,
All merry, all happy and bright;
By ‘n’ by hard times comes a knocking at the door,
Then My Old Kentucky Home, good night!
Weep no more my lady
Oh weep no more today;
We will sing one song
For My Old Kentucky Home
For My Old Kentucky Home, far away
“The Kentucky Derby is a Grade I stakes race for three year-old Thoroughbred horses, held annually in Louisville, Kentucky, on the first Saturday in May. The race is one and a quarter miles at Churchill Downs. The race is known in the United States as “The Greatest Two Minutes in Sports™” for its approximate duration, and is also called “The Run for the Roses” for the blanket of roses draped over the winner. It is the first leg of the United States Triple Crown of Thoroughbred Racing and is followed by the Preakness Stakes and Belmont Stakes.”
And, for some Data and The Derby – see: