United States of America: Act amending Kentucky Revised Statutes on data privacy including cybersecurity regulation was adopted by Kentucky General Assembly
Description
Act amending Kentucky Revised Statutes on data privacy including cybersecurity regulation was adopted by Kentucky General Assembly
On 31 March 2026, the Kentucky Senate passed the Bill amending Kentucky Revised Statutes on data privacy (HB 692) with Committee Substitute (1). The Kentucky House of Representatives concurred, completing adoption of the Act amending Kentucky Revised Statutes on data privacy (HB 692). The cybersecurity provisions were unchanged by the Committee Substitute. The Act amends KRS 367.3617 to require controllers to establish, implement, and maintain reasonable administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of personal data. The data security practices must be appropriate to the volume and nature of the personal data at issue. The Act will take effect on 1 July 2027.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
technological consumer goods
Implementation Level
subnational
Government Branch
legislature
Government Body
parliament
Complete timeline of this policy change
Hide details
2026-02-23
under deliberation
2026-03-13
under deliberation
2026-03-31
adopted
2026-04-13
adopted