Kentucky Data Disposal (KRS § 365.720 - § 365.730)

Kentucky Data Disposal

KRS § 365.720 - § 365.730

 

CITATION:

KRS Chapter 365

Records Containing Personally Identifiable Information

365.720  Definitions for KRS 365.720 to 365.730.

365.725  Destruction of customer's records containing personally identifiable information.

365.730  Civil action for damages or injunction for violation of KRS 365.725 -- Rights and remedies.

 

365.720 Definitions for KRS 365.720 to 365.730.

As used in KRS 365.720 to 365.730, unless the context requires otherwise:

(1) "Business" means a sole proprietorship, partnership, corporation, limited liability company, association, or other entity, however organized and whether or not organized to operate at a profit. "Business" shall not mean a bank as defined in 12 U.S.C. sec. 1813(a) or Subtitles 1, 2, and 3 of KRS Chapter 286, a credit union as defined in 12 U.S.C. sec. 1752 or Subtitle 6 of KRS Chapter 286, a savings association as defined in 12 U.S.C. sec. 1813(b), or an association as defined in Subtitle 5 of KRS Chapter 286. The term includes an entity that destroys records;

(2) "Customer" means an individual who provides personal information to a business for the purpose of purchasing or leasing a product or obtaining a service for business;

(3) "Individual" means a natural person;

(4) "Personally identifiable information" means data capable of being associated with a particular customer through one (1) or more identifiers, including but not limited to a customer's name, address, telephone number, electronic mail address, fingerprints, photographs or computerized image, Social Security number, passport number, driver identification number, personal identification card number or code, date of birth, medical information, financial information, tax information, and disability information; and

(5) "Records" means any material, regardless of the physical form, on which information is recorded or preserved by any means, including in written or spoken words, graphically depicted, printed, or electromagnetically transmitted.

Effective: July 12, 2006

History: Created 2006 Ky. Acts ch. 42, sec. 4, effective July 12, 2006.

 

365.725 Destruction of customer's records containing personally identifiable information.

When a business disposes of, other than by storage, any customer's records that are not required to be retained, the business shall take reasonable steps to destroy, or arrange for the destruction of, that portion of the records containing personally identifiable information by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or indecipherable through any means.

Effective: July 12, 2006

History: Created 2006 Ky. Acts ch. 42, sec. 5, effective July 12, 2006.

 

365.730 Civil action for damages or injunction for violation of KRS 365.725 --Rights and remedies.

(1) Any customer injured by a violation of KRS 365.725 may institute a civil action to recover damages.

(2) Any business that violates, proposes to violate, or has violated any provision of KRS 365.725 may be enjoined in a civil action.

(3) The rights and remedies available under this section shall be cumulative to each other and to any other rights and remedies available under law.

Effective: July 12, 2006

History: Created 2006 Ky. Acts ch. 42, sec. 6, effective July 12, 2006.

 

For more information, see here:  https://apps.legislature.ky.gov/law/statutes/chapter.aspx?id=39074

 

These materials were obtained directly from the State Legislative websites and are posted here for your review and reference only.  No Claim to Original State Government Works.  This may not be the most recent version.  The State may have more current information.  We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to.  Please check the linked sources directly.