The hyperlink to a bill draft that precedes a summary contains the most recent version (Introduced/GA/Enacted) of the bill. If the session has ended, the hyperlink contains the latest version of the bill at the time of sine die adjournment. Note that the summary pertains to the bill as introduced, which is often different from the most recent version.
BR 286 - M. McGarvey
AN ACT relating to the security of personal information and declaring an emergency.
Amend KRS 367.363 to include additional definitions; amend KRS 367.3645 to provide for a free security freeze in the event a protected person has been notified of a security breach pursuant to the Act and to make technical corrections; amend KRS 367.365 to require consumer reporting agencies to encrypt electronic data contained in consumer files and consumer reports; allow for security freezes to be requested by methods established by the consumer reporting agency; allow consumers to request a replacement personal identification number or password in the same manner as the original security freeze request; remove the expiration of a credit freeze after seven years; include gender-neutral language; to prohibit a credit reporting agency from charging a fee for security freeze in the event a consumer has been notified of a security breach; require that consumer reporting agencies notify consumers of security breaches in compliance with KRS 365.732(4) to (7) and provide five years of credit monitoring; allow for a security freeze placed at one nationwide consumer reporting agency to be sent and applied to other nationwide consumer reporting agencies; require third-party agents to notify consumer reporting agencies of security breaches; require consumer reporting agencies to comply with KRS 365.732(3); prohibit requirements that consumers waive rights or submit to arbitration; amend KRS 365.730 to extend definitions to KRS 365.732; to conform the definition of "personally identifiable information"; amend KRS 365.732 to define "encrypt," and "security breach"; provide an exemption for consumer reporting agencies subject to this Act; prohibit electronic or substitute notice from being sent to electronic and email accounts involved in the security breach; provide for the request for three consumer reports from each nationwide consumer reporting agency by consumers affected by a security breach; prohibit requirements that consumers waive rights or submit to arbitration; require certain information holders to encrypt personally identifiable data; make technical corrections; amend KRS 61.931 to exempt certain persons from the definition of "nonaffiliated third parties"; conform the definition of "personally identifiable information"; make technical corrections; amend KRS 61.932, KRS 61.933, 61.934,171.450, 42.722, and 42.726 to conform; EMERGENCY.
Dec 08, 2017 - Prefiled by the sponsor(s).