Can I store personal information about my customers in Kansas? What are the requirements?

Storing Personal Information in Kansas

If you plan to store personal information about your customers in Kansas, you should take reasonable steps to protect that information from unauthorized access, use, or disclosure. This may include implementing security measures such as encryption, firewalls, and access controls. Additionally, you should ensure that you comply with the Kansas Social Security Number Privacy Act and the Kansas Uniform Electronic Transactions Act, if applicable.

Requirements for Storing Personal Information

If you are a public agency, you must designate a local freedom of information officer who will prepare and provide educational materials and information concerning the open records act, be available to assist the public agency and members of the general public to resolve disputes relating to the open records act, respond to inquiries relating to the open records act, and establish the requirements for the content, size, shape, and other physical characteristics of a brochure required to be displayed or distributed or otherwise make available to the public under the open records act ^[2.1][2.2].

If you are a business that collects personal information, you are required to take reasonable steps to protect that information from unauthorized access, use, or disclosure ^[1.1]. You should not include social security numbers in public documents with personal information, except in certain circumstances ^[1.1]. Additionally, you should comply with the Kansas Uniform Electronic Transactions Act if you are a registered certification authority, maintain documentation of compliance with the act, and retain records of the issuance, acceptance, and any suspension or revocation of a certificate for a period of at least 10 years ^[5.1].

If you are a healthcare provider, you must comply with the Kansas department of health and environment’s form titled “authorization to disclose protected health information” ^[3.1].

If you are a public agency or a business, you must adopt procedures to be followed in requesting access to and obtaining copies of public records, which procedures shall provide full access to public records, protect public records from damage and disorganization, prevent excessive disruption of the agency’s essential functions, provide assistance and information upon request, and ensure efficient and timely action in response to applications for inspection of public records ^[2.3].

It is important to note that these requirements may not be exhaustive and that other laws and regulations may apply depending on the nature of the personal information you plan to store. Therefore, it is recommended that you consult with a legal professional to ensure compliance with all applicable laws and regulations.

^[1.1]: KSST 75-3520 ^[2.1]: KSST 45-226 ^[3.1]: KSAR 28-75-100 ^[2.2]: KSST 45-227 ^[2.3]: KSST 45-220 ^[5.1]: KSAR 7-41-7

Source(s):

• [1.1] Social security numbers; disclosure in public documents with personal information, prohibited; exceptions; use for commercial purposes, restricted; civil penalty.
• [2.1] Local freedom of information officer.
• [3.1] Authorization form
• [2.2] Brochure concerning public records.
• [2.3] Procedures for obtaining access to or copies of records; request for records; establishing office hours for inspection; custodian of records, duties; provision of information on procedures.
• [5.1] Recordkeeping and retention of registered certification authority documents

Jurisdiction

Kansas

• Privacy