Kentucky to enact new privacy protections, data safeguards - wave3.com-Louisville News, Weather & Sports

Kentucky to enact new privacy protections, data safeguards

Posted: Updated:
The laws will take effect in January 2015, allowing public agencies to develop safeguards and security procedures, bill sponsors said. The laws will take effect in January 2015, allowing public agencies to develop safeguards and security procedures, bill sponsors said.
Marcus Motill Marcus Motill
Governor Steve Beshear Governor Steve Beshear
Auditor Adam Edelen Auditor Adam Edelen
Rep. Steve Riggs Rep. Steve Riggs

LOUISVILLE, KY (WAVE) - We've all heard horror stories of identity theft online, especially after word that a cyber-virus could have compromised privacy for millions of us who used credit or debit cards at Target. This week, the restaurant chain P.F. Changs announced it's investigating a possible data breach. 

Such fears partially explain why Kentucky has taken steps to protect what school districts and other public agencies collect about you and your children.

As interns or employees of Interapt, a mobile software firm headquartered in the Nucleus building, Marcus Motill and other University of Louisville students are both cyber-developers and potential targets for data theft.

"We do a lot of work with health insurance companies so those questions of privacy protection come up all the time," Motill said. "And, we get a lot of spam emails through our University email addresses trying to sell us products."

Wednesday, Interapt's offices were the backdrop as Governor Steve Beshear signed two bills into law, aimed at protecting your private data, after you reveal it to public school districts or other government agencies.

"This is a proactive step by the state of Kentucky," said State Auditor Adam Edelen. "We were long overdue in implementing it."

Rep. Steve Riggs (D-Louisville) told those assembled that the impetus to sponsor one of the bills came out of a review of protections in other states. "Kentucky wasn't listed as a law that was in place," Riggs said. "And that kind of shocked me. Even Mississippi beat us!"

The new laws will require school districts and other public agencies that compile data to investigate promptly any suspicion that private data been stolen or compromised. Investigators must report their findings to agency overseers within two days. If security has been breached, the agency must notify victims within 35 days, and in 28 days if more than 1,000 people have been victimized.

Private companies also will face new restrictions.

"Cloud-computing can connect Kentucky to students around the state as well as globally," said Roger Archbold, Microsoft Corporation's regional manager for strategic alliances in education.  "It presents great opportunity, but they (new laws) prohibit a cloud service provider at a K-12 institution in Kentucky from mining or selling student data."

"A government that has the ability to collect data on the public ought to do more to protect it," Edelen said, "Certainly to make them aware if that informations been lost."

The laws make little mention of penalties that a public agency or private corporation might incur, either for failure to protect data or failure to report cyber-breaches.

The laws will take effect in January 2015, allowing public agencies to develop safeguards and security procedures, bill sponsors said.

Motill sees the measures as first-steps, but critical.

"Knowing how many different ways the system can fail, it's very comforting know that we have guidelines in place," he said.

Copyright 2014 WAVE 3 News. All rights reserved.