FINANCE AND ADMINISTRATION CABINET

Commonwealth Office of Technology

(As Amended at ARRS, November 14, 2014)

 

††††† 200 KAR 1:015. Data Breach Notification Forms.

 

††††† RELATES TO: KRS 61.932, 61.933

††††† STATUTORY AUTHORITY: KRS 42.726(2)(b), 61.932(2)(b)2., 61.933

††††† NECESSITY, FUNCTION, AND CONFORMITY: KRS 42.726(2)(b) authorizes the Finance and Administration Cabinet, Commonwealth Office of Technology ("COT") to promulgate administrative regulations relating to COTís duties. KRS 61.933 specifically authorizes COT to promulgate administrative regulations prescribing[prescribe] forms necessary for notification by state agencies and nonaffiliated third parties when they suspect or have determined that a breach of personal information that the state agency or nonaffiliated third party maintains or otherwise possesses on behalf of another agency has occurred. KRS 61.932(2)(b)2. specifically authorizes COT to promulgate administrative regulations prescribing a form to be used if[prescribe forms when] law enforcement agencies have requested a delay of notification to allow for investigation of the suspected or determined breach. This administrative regulation establishes the required forms for notification of a suspected or determined breach of personal information or a request to delay notification by law enforcement.

 

††††† Section 1. Administrative - Required Forms. (1) Finance Form FAC-001, Suspected and Determined Breach Notification Form, shall be completed by a state agency or nonaffiliated third party to notify the agency for whom it maintains or otherwise possesses personal information regarding a suspected or determined breach in data.

††††† (2) Finance Form FAC-002, Delay Notification Record, shall be completed by a state agency or nonaffiliated third party if[when] a law enforcement agency has requested a delay of notification to allow for investigation of the suspected or determined breach.

 

††††† Section 2. Incorporation by Reference. (1) The following material is incorporated by reference:

††††† (a) Finance Form FAC-001, "Suspected and Determined Breach Notification Form," January 1, 2015[August, 2014]; and

††††† (b) Finance Form FAC-002, "Delay Notification Record," August, 2014.

††††† (2) This material may be inspected, copied, or obtained, subject to applicable copyright law, at the Commonwealth Office of Technology, 101 Cold Harbor Drive, Frankfort, Kentucky 40601 Monday through Friday, 8 a.m. to 5 p.m., and on the Finance and Administration Cabinet Web site, http://finance.ky.gov/Pages/default.aspx.

 

STEVE RUCKER, Deputy Secretary

††††† APPROVED BY AGENCY: August 14, 2014

††††† FILED WITH LRC: August 14, 2014 at 10 a.m.

††††† CONTACT PERSON: Doug Hendrix, Deputy General Counsel, Finance and Administration Cabinet, 702 Capitol Avenue, Frankfort, Kentucky 40601, phone (502) 564-6660, fax (502) 564-9875.