Governor Steve Beshear's Communications Office
Gov. Beshear ceremonially signs cyber security laws

Press Release Date:  Wednesday, June 11, 2014  
Contact Information:  Terry Sebastian
Jennifer Brislin

Bills strengthen notification requirements for data breaches

LOUISVILLE, Ky. – Governor Steve Beshear today ceremonially signed into law two bills that strengthen reporting requirements of electronic data breaches, outlining how public and private entities notify individuals when sensitive and personally identifiable information may have been illegally accessed.

House Bill 5 applies to public agencies such as city, county or state governments, K-12 school districts, universities and other entities such as commissions. House Bill 232 relates to any person or business that conducts business in the Commonwealth. Both bills were approved during this year’s legislative session.

“Unfortunately, we live in a time in which cyber criminals continually bombard companies and public entities in hopes of gaining access to personal information on thousands of people,” said Gov. Beshear. “That’s why it is important for government and private businesses to not only embrace the latest technology to protect sensitive information, but to also let people know when their personal data may have been fraudulently obtained. We all must be vigilant in protecting sensitive information.”

Both laws stipulate the process organizations must take to notify customers, the public, and consumer reporting agencies and credit bureaus on a timely basis. If the breach involves a public agency, HB 5 also requires the Kentucky State Police, auditor of public accounts, attorney general, Kentucky Department of Education or Council on Postsecondary Education be notified, depending on the public entity involved

“Now more than ever, we have a responsibility to guard and protect the personal information of Kentuckians,” said Rep. Denny Butler, of Louisville, who sponsored HB 5. “When sensitive personal data falls into the wrong hands, minutes and seconds count in making sure that a family’s finances and property are protected. I’m very glad to see Kentucky offer these new protections and proud that we are becoming a national leader in helping to stamp out the plague of identity theft.”

“It is incumbent on government and business to protect personal information to the highest levels possible,” said Rep. Steve Riggs, of Louisville, who sponsored HB 232. “When I found out that Kentucky was one of four states that did not have a breach notification law, I felt compelled to introduce this legislation. I thank the many business and government partners who supported it.”

“As the Commonwealth’s cyber watchdog, I am proud of the broad, bipartisan coalition of lawmakers and organizations that came together to support House Bill 5,” Auditor Adam Edelen said. “Government collects massive amounts of sensitive data on each and every one of us. Cyber security affects every Kentuckian.”

Personally identifiable information includes such things as name, social security number, passport or driver’s license numbers and credit/debit card numbers with passwords. Individuals should take precautions to protect their information as well as routinely check their credit history for any fraudulent activity. Any person can obtain one free credit report every 12 months from the three main credit reporting agencies. For more information, go to