Cyber security bill unanimously passes House panel
01/23/2014 12:35 PM
The top legislative effort of state Auditor Adam Edelen that would better protect sensitive state data and inform the public if personal data is compromised quickly and unanimously passed out of a House committee Thursday.
All but four states currently require notification if the security of personal information is compromised by a state or local government agency.
House Bill 5 would change that to require the state to let Kentuckians know within 35 days if Social Security numbers, health information or other personal data gets out — either by accident or through a security breach.
The amount of data that Kentucky collects on citizens Edelen said “shocked” him.
“I have been shocked by the amount of information that government does have on us,” Edelen said. “Consider that if you file electronically your taxes…the government has collected your bank account numbers. Certainly they know your social security numbers. Blood type in many cases. It goes on and on.”
Edelen said it’s not a matter of if Kentucky will be hacked, but a matter of when. And he said putting the protections in place now will be a lot cheaper than paying for it later.
Edelen referred to a massive data breach in South Carolina two years ago when that state failed to encrypt bank account number and Social Security numbers for 3.8 million taxpayers, costing the state $3.5 million.
It was a mistake that Edelen said could have been prevented by a $12,000 encryption fix — something he said before when the bill was announced last week.
A substitute of the original bill did pass through the committee. It bumps the implementation of the measure to January 2015. Edelen said state and local government need time to make the necessary changes.
The bill was placed on the House consent calendar. And Edelen told reporters after the meeting that he thinks the Senate will be “fully committed to doing the right thing.”
Below the Fold
Subscribe and get the latest political intelligence delivered to your inbox.