Kentucky does not have a general privacy law, but the Supreme Court of Kentucky has interpreted that the Kentucky Constitution recognizes the right of privacy. As a result, Kentucky has various laws related to privacy, and consumers generally look to the Consumer Protection Act that prohibits the unfair, false, misleading, or deceptive actors or practices in the conduct of any trade or commerce.
Furthermore, Kentucky is making moves to the protection of personal data by implementing a security breach notification law. The security breach notification law establishes the procedures that businesses should follow if there is a security breach and a personal data is compromised.
If a Kentucky data breach occurs, businesses have to act quickly to protect the personal data of their consumers. Specifically, Kentucky businesses have to:
- Disclose the data breach to the affected Kentucky residents by:
- Written notice; or
- Electronic notice; or
- Substitute notice, if the business demonstrates that the cost of providing notice would exceed $250,000.00 or that the affected class of subject persons to be notified exceeds 500,000 or if the business does not have sufficient contact information. Substitute notice requires email notice, posting on the businesses’ website, and notification to major statewide media.
- If the data breach affects more than 1,0000 Kentucky residents, notify all consumer reporting agencies and credit bureaus that compile and maintain files on consumers on a nationwide basis,
Contact a Kentucky data privacy attorney at Rodriguez Lopez, APC if you are a business that collects, stores, and distributes personally identifiable information and are seeking to establish a data privacy security policy or information security policy. Rodriguez Lopez, APC can help your business establish guidelines and policies to mitigate the risks involved with personal data storage.