From: The State Journal
House Bill 5 would require faster reporting of breaches and establish training
By Kevin Wheatley
Kentucky Auditor Adam Edelen has thrown his support behind legislation aimed at improving cyber security within state and local government.
House Bill 5 would require agencies to report security breaches — such as lost or stolen health records, banking information or Social Security numbers — to law enforcement, the state auditor’s office and relevant state departments within 24 hours and notify affected individuals within 35 days. If a breach affects more than 1,000 people, the Finance Cabinet and national consumer reporting agencies would be notified.
The bill would also establish cyber security training through the Commonwealth Office of Technology and require agencies to encrypt confidential information on their computer systems.
“Every cyber security expert agrees that it’s not a matter of if an agency is hacked, but when,” Edelen said, noting Kentucky is one of four states without a notification law. “… As residents of Kentucky it’s your data, so it’s your right to be notified when it’s lost or stolen so you can protect yourself.”
He cited a major breach in South Carolina, where much of the state’s personal and corporate income tax data was hacked in 2012. South Carolina has paid some $30 million in identity theft prevention and credit monitoring, according to an audit on Kentucky government cyber security by Edelen’s office last month.