Kansas
Privacy Laws
Overview
BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable delay
FINES & PENALTIES – Violations
Attorney Gen. may bring action
Regulation Levels
-
Breach Reporting
-
Consumer Notification
-
Vendor Management
-
Vendor Contract Required
PRIVACY AND SECURITY LAWS
Laws related to personal information and privacy and security.
Breach Reporting
Required
Vendor Obligations
Required
Consumer Notification
Required
Vendor Contracts
Not Required
Vendor Notification
Required
Privacy Program
Required
QUICK FACTS
Kansas Privacy Law Information
Organizations and Vendors who maintain or possess records containing personal information must have procedures and practices in place for the protection of personal information. Organizations and Vendors who maintain or possess records containing personal information must have measures in place for the destruction of any records containing personal information.
There are specific considerations when determining if a breach is reportable. Notifications may only be given by specific methods. If notification is required to more than 1,000 persons, all consumer reporting agencies must be notified with specific information without unreasonable delay.
If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
If a Vendor is breached, they must notify the Organization. The Organization will be responsible to complete any required regulatory and consumer breach notifications.
For violations of the security breach statute by an insurance company licensed to do business in this state, the Insurance Commissioner shall have the sole enforcement authority. A covered entity must provide an individual or such individual’s personal representative with access to the individual’s protected health information. They must also implement and maintain appropriate administrative, technical and physical safeguards to protect the privacy of protected health information.
The Attorney General may bring actions for civil relief for security breach violations. Organizations may be fined or penalized for Vendor violations. Violations of protection and disposal requirements are considered an unconscionable act or practice. Organizations may be fined or penalized for Vendor violations.
Kansas Statutes and Laws
Personal identifier; use of social security number prohibited
Prohibiting the taking of personal information when using a credit card
Prohibiting printing of credit card or debit card account numbers on receipts
Requirements for holders of personal information
Protection of consumer information
Consumer information, security breach, definitions
Security breach requirements
Health care data – same duties of covered entity
DISCLAIMER
The information provided is not legal guidance or recommendations and are for informational purposes only.