Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · Kansas · Chapter 50 — Unfair Trade And Consumer Protection

50-6,139b.

668 words·~3 min read·/ks/chapter-50/50-6-53

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

50-6,139b. Requirements for holders of personal information.
(a)As used in this section:
(1)"Holder of personal information" or "holder" means a person who, in the ordinary course of business, collects, maintains or possesses, or causes to be collected, maintained or possessed, the personal information of any other person.
(2)"Person" means any individual, partnership, corporation, trust, estate, cooperative, association, government, governmental subdivision or agency or other entity.
(3)"Personal information" means personal information as defined by K.S.A. 50-7a01 (g), and amendments thereto, and any other information which identifies an individual for which an information security obligation is imposed by federal or state statute or regulation.
(4)"Record" has the meaning provided by K.S.A. 84-1-201 , and amendments thereto.
(b)A holder of personal information shall:
(1)Implement and maintain reasonable procedures and practices appropriate to the nature of the information, and exercise reasonable care to protect the personal information from unauthorized access, use, modification or disclosure. If federal or state law or regulation governs the procedures and practices of the holder of personal information for such protection of personal information, then compliance with such federal or state law or regulation shall be deemed compliance with this paragraph and failure to comply with such federal or state law or regulation shall be prima facie evidence of a violation of this paragraph; and
(2)unless otherwise required by federal law or regulation, take reasonable steps to destroy or arrange for the destruction of any records within such holder's custody or control containing any person's personal information when such holder no longer intends to maintain or possess such records. Such destruction shall be by shredding, erasing or otherwise modifying the personal identifying information in the records to make it unreadable or undecipherable through any means.
(c)A holder of personal information shall have an affirmative defense to a violation of subsection (b)(2) if such holder proves by clear and convincing evidence that:
(1)The violation resulted from a failure of the method of destruction of records to make personal information contained in such records unreadable or undecipherable through any means, and such failure could not reasonably have been foreseen despite the holder's exercise of reasonable care in selecting and employing a method of destruction; or
(2)the holder of personal information had in effect at the time of the violation a bona fide written or electronic records management policy, including practices and procedures reasonably designed, maintained, and expected to prevent a violation of subsection (b)(2), and that the records involved in the violation of subsection (b)(2) were destroyed or disposed of in violation of such policy. No affirmative defense under this paragraph shall be available unless such holder proves:
(A)The employees or other persons involved in the violation received training in the holder's written or electronic records management policy;
(B)the violation resulted from a good faith error; and
(C)no reasonable likelihood exists that the violation may cause, enable or contribute to identity theft or identity fraud as defined by K.S.A. 21-6107 , and amendments thereto, or to a violation of an information security obligation imposed by federal or state statute or regulation.
(d)Each violation of this section shall be an unconscionable act or practice in violation of K.S.A. 50-627 , and amendments thereto. Each record that is not destroyed in compliance with subsection (b)(2) shall constitute a separate unconscionable act within the meaning of K.S.A. 50-627 , and amendments thereto.
(e)Notwithstanding any other provision of law to the contrary, the exclusive authority to bring an action for any violation of this section shall be with the attorney general. Nothing in this section shall be construed to create or permit a private cause of action for any violation of this section.
(f)Nothing in this section relieves a holder of personal information from any duty to comply with other requirements of state and federal law regarding the protection of such information.
(g)This section shall be part of and supplemental to the Kansas consumer protection act.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.