2014 Kentucky Revised Statutes CHAPTER 61 - GENERAL PROVISIONS AS TO OFFICES AND OFFICERS -- SOCIAL SECURITY FOR PUBLIC EMPLOYEES -- EMPLOYEES RETIREMENT SYSTEM 61.931 Definitions for KRS 61.931 to 61.934.
Download as PDF
61.931 Definitions for KRS 61.931 to 61.934.
As used in KRS 61.931 to 61.934:
(1) "Agency" means:
(a) The executive branch of state government of the Commonwealth of
Kentucky;
(b) Every county, city, municipal corporation, urban-county government,
charter county government, consolidated local government, and unified
local government;
(c) Every organizational unit, department, division, branch, section, unit,
office, administrative body, program cabinet, bureau, board, commission,
committee, subcommittee, ad hoc committee, council, authority, public
agency, instrumentality, interagency body, special purpose governmental
entity, or public corporation of an entity specified in paragraph (a) or (b) of
this subsection or created, established, or controlled by an entity specified
in paragraph (a) or (b) of this subsection;
(d) Every public school district in the Commonwealth of Kentucky; and
(e) Every public institution of postsecondary education, including every public
university in the Commonwealth of Kentucky and public college of the
entire Kentucky Community and Technical College System;
(2) "Commonwealth Office of Technology" means the office established by KRS
42.724;
(3) "Encryption" means the conversion of data using technology that:
(a) Meets or exceeds the level adopted by the National Institute of Standards
Technology as part of the Federal Information Processing Standards: and
(b) Renders the data indecipherable without the associated cryptographic
key to decipher the data;
(4) "Law enforcement agency" means any lawfully organized investigative agency,
sheriff's office, police unit, or police force of federal, state, county, urban-county
government, charter county, city, consolidated local government, unified local
government, or any combination of these entities, responsible for the detection
of crime and the enforcement of the general criminal federal and state laws;
(5) "Nonaffiliated third party" means any person that:
(a) Has a contract or agreement with an agency; and
(b) Receives personal information from the agency pursuant to the contract
or agreement;
(6) "Personal information" means an individual's first name or first initial and last
name; personal mark; or unique biometric or genetic print or image, in
combination with one (1) or more of the following data elements:
(a) An account number, credit card number, or debit card number that, in
combination with any required security code, access code, or password,
would permit access to an account;
(b) A Social Security number;
(c) A taxpayer identification number that incorporates a Social Security
number;
(d)
(7)
(8)
(9)
A driver's license number, state identification card number, or other
individual identification number issued by any agency;
(e) A passport number or other identification number issued by the United
States government; or
(f) Individually identifiable health information as defined in 45 C.F.R. sec.
160.103, except for education records covered by the Family Educational
Rights and Privacy Act, as amended, 20 U.S.C. sec. 1232g;
(a) "Public record or record," as established by KRS 171.410, means all
books, papers, maps, photographs, cards, tapes, disks, diskettes,
recordings, and other documentary materials, regardless of physical form
or characteristics, which are prepared, owned, used, in the possession of,
or retained by a public agency.
(b) "Public record" does not include any records owned by a private person
or corporation that are not related to functions, activities, programs, or
operations funded by state or local authority;
"Reasonable security and breach investigation procedures and practices"
means data security procedures and practices developed in good faith and set
forth in a written security information policy; and
(a) "Security breach" means:
1.
The unauthorized acquisition, distribution, disclosure, destruction,
manipulation, or release of unencrypted or unredacted records or
data that compromises or the agency or nonaffiliated third party
reasonably believes may compromise the security, confidentiality, or
integrity of personal information and result in the likelihood of harm
to one (1) or more individuals; or
2.
The unauthorized acquisition, distribution, disclosure, destruction,
manipulation, or release of encrypted records or data containing
personal information along with the confidential process or key to
unencrypt the records or data that compromises or the agency or
nonaffiliated third party reasonably believes may compromise the
security, confidentiality, or integrity of personal information and
result in the likelihood of harm to one (1) or more individuals.
(b) "Security breach" does not include the good-faith acquisition of personal
information by an employee, agent, or nonaffiliated third party of the
agency for the purposes of the agency if the personal information is used
for a purpose related to the agency and is not subject to unauthorized
disclosure.
Effective:January 1, 2015
History: Created 2014 Ky. Acts ch. 74, sec. 1, effective January 1, 2015.
Legislative Research Commission Note (1/1/2015). 2014 Ky. Acts ch. 74, sec. 10
provided that "the provisions of this Act shall not impact the provisions of KRS
61.870 to 61.884." That proviso applies to this statute as created in Section 1 of
that Act.
Disclaimer: These codes may not be the most recent version. Kentucky may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.