Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I avoid having a data breach response plan in Kansas? What are the requirements?

To answer your question, no, you cannot avoid having a data breach response plan in Kansas if you conduct business in the state or own or license computerized data that includes personal information [1.1].

Requirements for a Data Breach Response Plan in Kansas

If you are subject to the data breach response plan requirements, you must conduct a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused if you become aware of any breach of the security of the system [1.1].

Your data breach response plan must include specific processes and procedures to ensure a timely resumption of services and minimize financial loss to the credit union [3.1].

Consequences of Violating Data Breach Response Plan Requirements

If you violate the data breach response plan requirements, the attorney general is empowered to bring an action in law or equity to address violations of this section and for other relief that may be appropriate [1.1].

COVID-19 Pandemic and Severability

It is important to note that the provisions of the act concerning governmental response to the 2020 COVID-19 pandemic in Kansas are severable [2.1].

Definition of Personal Information

Personal information is defined as a consumer’s first name or first initial and last name linked to any one or more of the following data elements that relate to the consumer, when the data elements are neither encrypted nor redacted: (1) Social security number; (2) driver’s license number or state identification card number; or (3) financial account number, or credit or debit card number, alone or in combination with any required security code, access code or password that would permit access to a consumer’s financial account [1.2].

In conclusion, if you conduct business in Kansas or own or license computerized data that includes personal information, you must have a data breach response plan that meets the requirements outlined in the relevant statutes [1.1][3.1].

Source(s):
Jurisdiction

Kansas