Auditor's top legislative effort aimed at increasing state's cyber security and notification of breaches

01/14/2014 06:29 PM

For two days in 2012, the Kentucky Finance and Administration Cabinet accidentally posted Social Security numbers for some Kentuckians on a publicly accessible website.

And the state didn’t have to notify those whose information was hanging out there.

Kentucky is one of just four states that don’t require notification if the security of personal information is compromised by a state or local government agency. House Bill 5 would change that to require the state to let Kentuckians know within 35 days of an incident if Social Security numbers, health information or other personal data gets out — either by accident or through a security breach.

The measure also would standardize security procedures for maintaining and destroying data files or documents containing personal information. Here’s how Edelen characterized the current state of Kentucky’s cyber security:

Edelen was referring to a massive data breach in South Carolina two years ago when that state failed to encrypt bank account numbers and Social Security numbers for 3.8 million taxpayers, costing the state millions of dollars.

It was a massive mistake that could have been prevented by a $12,000 encryption fix.

House Bill 5 is being sponsored by Democratic Rep. Denny Butler, a retired police detective from Louisville, and Republican Rep. Sal Santoro, a retired state police trooper from Florence.

It has 65 co-sponsors, and Santoro said lawmakers have been “running up” to him to add their names to the bill. A similar measure requiring notification of data breaches has failed in past sessions. But this is the first time Edelen has gotten involved in the issue.

His office issued a 37-page report on Dec. 19 outlining the security concerns in other states and information technology recommendations and findings to improve the state’s stewardship of sensitive information.

And state agencies aren’t the only ones that need to be more vigilant, Edelen warned:

