Can I disclose personal information for a business purpose without complying with CCPA in Kansas? What are the requirements?

Disclosure of Personal Information for Business Purpose in Kansas

Based on the provided context documents, there is no specific law or regulation mentioned that is equivalent to the California Consumer Privacy Act (CCPA) in Kansas. However, Kansas has its own data protection law, which is the Kansas Consumer Protection Act (KCPA) ^[1.1].

Under the KCPA, holders of personal information are required to implement and maintain reasonable procedures and practices appropriate to the nature of the information, and exercise reasonable care to protect the personal information from unauthorized access, use, modification, or disclosure ^[1.1]. If federal or state law or regulation governs the procedures and practices of the holder of personal information for such protection of personal information, then compliance with such federal or state law or regulation shall be deemed compliance with this requirement ^[1.1].

Moreover, holders of personal information are required to take reasonable steps to destroy or arrange for the destruction of any records within such holder’s custody or control containing any person’s personal information when such holder no longer intends to maintain or possess such records ^[1.1].

However, there is a specific law in Kansas that prohibits the taking of personal information when using a credit card ^[1.2]. This law states that no person, firm, partnership, association, or corporation which accepts credit cards for the transaction of business shall require the cardholder, as a condition to accepting the credit card, to write any personal identification information upon the credit card transaction form or otherwise, or provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise ^[1.2].

For purposes of this law, “personal identification information” means information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number ^[1.2]. However, subsection (c) of this law states that it does not apply to personal identification information required by the card issuer to complete the credit card transaction or for a special purpose incidental but related to the individual credit card transaction, including, but not limited to, information relating to shipping, delivery, servicing, or installation of the purchased merchandise or for special orders ^[1.2].

Therefore, if you are a holder of personal information in Kansas, you must comply with the KCPA’s requirements for protecting and destroying personal information. There is no specific provision in the KCPA that allows for disclosure of personal information for a business purpose without complying with the law’s requirements. Additionally, if you accept credit cards for the transaction of business, you must comply with the requirements of the law that prohibits the taking of personal information when using a credit card ^[1.2].

In summary, while there is no equivalent law to CCPA in Kansas, holders of personal information must comply with the Kansas Consumer Protection Act’s requirements for protecting and destroying personal information. There is no provision in the KCPA that allows for disclosure of personal information for a business purpose without complying with the law’s requirements. Furthermore, if you accept credit cards for the transaction of business, you must comply with the requirements of the law that prohibits the taking of personal information when using a credit card ^[1.2].

Source(s):

• [1.1] Requirements for holders of personal information.
• [1.2] Prohibiting the taking of personal information when using a credit card.

Jurisdiction

Kansas

• Privacy