393A.830 Security breach.
216 words·~1 min read·
/ky/chapter-393a/393a-830A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
(1)Except to the extent prohibited by law other than this chapter, the administrator or
administrator's agent shall notify a holder as soon as practicable of:
(a)A suspected loss, misuse or unauthorized access, disclosure, modification, or
destruction of confidential information obtained from the holder in the
possession of the administrator or an administrator's agent; and
(b)Any interference with operations in any system hosting or housing
confidential information which:
1. Compromises the security, confidentiality, or integrity of the
information; or
2. Creates a substantial risk of identity fraud or theft.
(2)Except as necessary to inform an insurer, attorney, investigator, or others as
required by law, the administrator and an administrator's agent shall not disclose,
without the express consent in a record of the holder, an event described in
subsection
(1)of this section to a person whose confidential information was
supplied by the holder.
(3)If an event described in subsection
(1)of this section occurs, the administrator and
the administrator's agent shall:
(a)Take action necessary for the holder to understand and minimize the effect of
the event and determine its scope; and
(b)Cooperate with the holder with respect to:
1. Any notification required by law concerning a data or other security
breach; and
2. A regulatory inquiry, litigation, or similar action.