Mandated Timeframe for Breach Reporting and/or Consumer Notification
Withoutunreasonabledelay
Laws related specifically to personal information
Breach Reporting & Consumer Notification
Protect Personal Information
Program for Protection/Security
Third Party: Specific Obligations
Third Party: Mandated Contracts
Employee Training
Data Disposal/Destruction
Risk Assessment
Requests for Information
Fines & Penalties
Violations of breach and notification laws:
- attorney general may bring an action
Regulation Levels
Breach Reporting
Consumer Notifications
Third Party Management
Data Protection
Level Description
None to minimal
Basic Requirements
Comprehensive Requirements
Extensive Requirements
Quick Facts
There are specific considerations when determining if a breach is reportable.
Notifications may only be given by specific methods.
If notification is required to more than 1,000 persons, all consumer reporting agencies must be notified with specific information without unreasonable delay.
A covered entity must provide an individual or such individual’s personal representative with access to the individual’s protected health information.
A covered entity must implement and maintain appropriate administrative, technical and physical safeguards to protect the privacy of protected health information.
For violations of security breach statute by an insurance company licensed to do business in this state, the Insurance Commissioner shall have the sole enforcement authority.
If a vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notification, but the vendor is still required to cooperate.
If your breach affects residents in other states, you will need to notify those residents using those states’ rules.
STatutes and LAWS
K.S. § 50-7a Protection of Consumer Information
K.S. § 50-6,139b Requirements for holders of personal information
K.S. § 50-669a Prohibiting the taking of personal information when using a credit card
K.S. § 50-669b Prohibiting printing of credit card or debit card account numbers on receipts
K.S. § 65-6824 Health Care Data – Same; duties of covered entity
K.S. § 40-2425 Personal identifier; use of social security number prohibited
Our site uses cookies to ensure you get the best experience on our website. If you continue without changing your browser settings, you are providing consent to our Cookie Policy.
Our site uses cookies to ensure you get the best experience on our website. If you continue without changing your browser settings, you are providing consent to our Cookie Policy.Yes, I Accept CookiesPrivacy Policy