CPE Security and Breach Procedures
The Personal Information Security and Breach Investigation Procedures and Practices Act, enacted in the 2014 Regular Session, also known as House Bill 5 or the “Cyber Security Bill,” requires state and local governments to implement policies and procedures to protect confidential, sensitive personal information and notify individuals if their information has been compromised.
As such, KRS 61.932(1)(b) requires that Kentucky public colleges and universities (hereinafter referred to as “institutions”) establish and implement “reasonable security and breach investigation procedures and practices” in accordance with policies established by the Council on Postsecondary Education. KRS 61.931(8) defines “reasonable security and breach investigation procedures and practices” as “data security procedures and practices developed in good faith and set forth in a written security information policy.”
