Kentucky Statutes 61.931 – Definitions for KRS 61.931 to 61.934
Current as of: 2024 | Check for updates
|
Other versions
As used in KRS § 61.931 to KRS § 61.934: (1) “Agency” means:
(a) The executive branch of state government of the Commonwealth of Kentucky; (b) Every county, city, municipal corporation, urban-county government, charter
county government, consolidated local government, and unified local
government;
(c) Every organizational unit, department, division, branch, section, unit, office, administrative body, program cabinet, bureau, board, commission, committee, subcommittee, ad hoc committee, council, authority, public agency, instrumentality, interagency body, special purpose governmental entity, or public corporation of an entity specified in paragraph (a) or (b) of this subsection or created, established, or controlled by an entity specified in paragraph (a) or (b) of this subsection;
(d) Every public school district in the Commonwealth of Kentucky; and
(e) Every public institution of postsecondary education, including every public university in the Commonwealth of Kentucky and public college of the entire Kentucky Community and Technical College System;
(2) “Commonwealth Office of Technology” means the office established by KRS
42.724;
(3) “Encryption” means the conversion of data using technology that:
(a) Meets or exceeds the level adopted by the National Institute of Standards
Technology as part of the Federal Information Processing Standards: and
(b) Renders the data indecipherable without the associated cryptographic key to decipher the data;
(4) “Law enforcement agency” means any lawfully organized investigative agency, sheriff’s office, police unit, or police force of federal, state, county, urban-county government, charter county, city, consolidated local government, unified local government, or any combination of these entities, responsible for the detection of crime and the enforcement of the general criminal federal and state laws;
(5) “Nonaffiliated third party” means any person that:
(a) Has a contract or agreement with an agency; and
(b) Receives personal information from the agency pursuant to the contract or agreement;
(6) “Personal information” means an individual’s first name or first initial and last name; personal mark; or unique biometric or genetic print or image, in combination with one (1) or more of the following data elements:
(a) An account number, credit card number, or debit card number that, in combination with any required security code, access code, or password, would permit access to an account;
(b) A Social Security number;
(c) A taxpayer identification number that incorporates a Social Security number; (d) A driver’s license number, state identification card number, or other individual
identification number issued by any agency;
(e) A passport number or other identification number issued by the United States government; or
(f) Individually identifiable health information as defined in 45 C.F.R. sec.
160.103, except for education records covered by the Family Educational
Rights and Privacy Act, as amended, 20 U.S.C. § 1232g;
(7) (a) “Public record or record,” as established by KRS § 171.410, means all books, papers, maps, photographs, cards, tapes, disks, diskettes, recordings, and other documentary materials, regardless of physical form or characteristics, which are prepared, owned, used, in the possession of, or retained by a public agency.
(b) “Public record” does not include any records owned by a private person or corporation that are not related to functions, activities, programs, or operations funded by state or local authority;
(8) “Reasonable security and breach investigation procedures and practices” means data security procedures and practices developed in good faith and set forth in a written security information policy; and
(9) (a) “Security breach” means:
1. The unauthorized acquisition, distribution, disclosure, destruction, manipulation, or release of unencrypted or unredacted records or data that compromises or the agency or nonaffiliated third party reasonably believes may compromise the security, confidentiality, or integrity of personal information and result in the likelihood of harm to one (1) or more individuals; or
2. The unauthorized acquisition, distribution, disclosure, destruction, manipulation, or release of encrypted records or data containing personal information along with the confidential process or key to unencrypt the records or data that compromises or the agency or nonaffiliated third party reasonably believes may compromise the security, confidentiality, or integrity of personal information and result in the likelihood of harm to one (1) or more individuals.
(b) “Security breach” does not include the good-faith acquisition of personal information by an employee, agent, or nonaffiliated third party of the agency for the purposes of the agency if the personal information is used for a purpose related to the agency and is not subject to unauthorized disclosure.
Effective: January 1, 2015
History: Created 2014 Ky. Acts ch. 74, sec. 1, effective January 1, 2015.
Legislative Research Commission Note (1/1/2015). 2014 Ky. Acts ch. 74, sec. 10 provided that “the provisions of this Act shall not impact the provisions of KRS
61.870 to 61.884.” That proviso applies to this statute as created in Section 1 of that
Act.
(a) The executive branch of state government of the Commonwealth of Kentucky; (b) Every county, city, municipal corporation, urban-county government, charter
Terms Used In Kentucky Statutes 61.931
- City: includes town. See Kentucky Statutes 446.010
- Contract: A legal written agreement that becomes binding when signed.
- Corporation: A legal entity owned by the holders of shares of stock that have been issued, and that can own, receive, and transfer property, and carry on business in its own name.
- Corporation: may extend and be applied to any corporation, company, partnership, joint stock company, or association. See Kentucky Statutes 446.010
- Federal: refers to the United States. See Kentucky Statutes 446.010
- State: when applied to a part of the United States, includes territories, outlying possessions, and the District of Columbia. See Kentucky Statutes 446.010
- Statute: A law passed by a legislature.
county government, consolidated local government, and unified local
government;
(c) Every organizational unit, department, division, branch, section, unit, office, administrative body, program cabinet, bureau, board, commission, committee, subcommittee, ad hoc committee, council, authority, public agency, instrumentality, interagency body, special purpose governmental entity, or public corporation of an entity specified in paragraph (a) or (b) of this subsection or created, established, or controlled by an entity specified in paragraph (a) or (b) of this subsection;
(d) Every public school district in the Commonwealth of Kentucky; and
(e) Every public institution of postsecondary education, including every public university in the Commonwealth of Kentucky and public college of the entire Kentucky Community and Technical College System;
(2) “Commonwealth Office of Technology” means the office established by KRS
42.724;
(3) “Encryption” means the conversion of data using technology that:
(a) Meets or exceeds the level adopted by the National Institute of Standards
Technology as part of the Federal Information Processing Standards: and
(b) Renders the data indecipherable without the associated cryptographic key to decipher the data;
(4) “Law enforcement agency” means any lawfully organized investigative agency, sheriff’s office, police unit, or police force of federal, state, county, urban-county government, charter county, city, consolidated local government, unified local government, or any combination of these entities, responsible for the detection of crime and the enforcement of the general criminal federal and state laws;
(5) “Nonaffiliated third party” means any person that:
(a) Has a contract or agreement with an agency; and
(b) Receives personal information from the agency pursuant to the contract or agreement;
(6) “Personal information” means an individual’s first name or first initial and last name; personal mark; or unique biometric or genetic print or image, in combination with one (1) or more of the following data elements:
(a) An account number, credit card number, or debit card number that, in combination with any required security code, access code, or password, would permit access to an account;
(b) A Social Security number;
(c) A taxpayer identification number that incorporates a Social Security number; (d) A driver’s license number, state identification card number, or other individual
identification number issued by any agency;
(e) A passport number or other identification number issued by the United States government; or
(f) Individually identifiable health information as defined in 45 C.F.R. sec.
160.103, except for education records covered by the Family Educational
Rights and Privacy Act, as amended, 20 U.S.C. § 1232g;
(7) (a) “Public record or record,” as established by KRS § 171.410, means all books, papers, maps, photographs, cards, tapes, disks, diskettes, recordings, and other documentary materials, regardless of physical form or characteristics, which are prepared, owned, used, in the possession of, or retained by a public agency.
(b) “Public record” does not include any records owned by a private person or corporation that are not related to functions, activities, programs, or operations funded by state or local authority;
(8) “Reasonable security and breach investigation procedures and practices” means data security procedures and practices developed in good faith and set forth in a written security information policy; and
(9) (a) “Security breach” means:
1. The unauthorized acquisition, distribution, disclosure, destruction, manipulation, or release of unencrypted or unredacted records or data that compromises or the agency or nonaffiliated third party reasonably believes may compromise the security, confidentiality, or integrity of personal information and result in the likelihood of harm to one (1) or more individuals; or
2. The unauthorized acquisition, distribution, disclosure, destruction, manipulation, or release of encrypted records or data containing personal information along with the confidential process or key to unencrypt the records or data that compromises or the agency or nonaffiliated third party reasonably believes may compromise the security, confidentiality, or integrity of personal information and result in the likelihood of harm to one (1) or more individuals.
(b) “Security breach” does not include the good-faith acquisition of personal information by an employee, agent, or nonaffiliated third party of the agency for the purposes of the agency if the personal information is used for a purpose related to the agency and is not subject to unauthorized disclosure.
Effective: January 1, 2015
History: Created 2014 Ky. Acts ch. 74, sec. 1, effective January 1, 2015.
Legislative Research Commission Note (1/1/2015). 2014 Ky. Acts ch. 74, sec. 10 provided that “the provisions of this Act shall not impact the provisions of KRS
61.870 to 61.884.” That proviso applies to this statute as created in Section 1 of that
Act.