FRANKFORT, Ky. (March 11, 2014) — A bill designed to protect Kentucky consumers from attacks on their personal and financial information following 2013’s massive Target security breach on Monday passed the House 75-16.
House Bill 232, sponsored by Rep. Steve Riggs, D-Louisville, would require businesses, corporations, and state or local government entities to notify their consumers immediately of any unauthorized acquisition of a consumer’s personal or financial information.
In the case of a massive breach like the one that affected Target’s customers, the proposal would also require that the company contact all consumer reporting agencies and credit bureaus that maintain files on consumers nationwide. Notification could only be delayed “if a law enforcement agency determines that the notification will impede a criminal investigation,” according to the legislation.
The legislation would not apply to HIPAA-related information, or in cases where there is a breach of personal information subject to the federal Gramm-Leach-Bliley Act—a federal law that applies to commercial banks, investment banks, securities, and insurance companies.
The bill now goes to the Senate.