47th state implements breach notification regulation

The state of Kentucky has become the 47th state to implement a data breach notification statute. H.B. 232, requires businesses to disclose a breach of personal information to Kentucky residents—this includes the individual’s first name or first initial and last name in combination with either a Social Security number, or driver’s license number or account, or credit or debit card number in combination with any required security or access code. The bill also contains an amendment regarding the processing of student data for any purpose other than providing, improving, developing or maintaining the integrity of its cloud computing services, unless the cloud provider obtains express consent from the student’s parents and the data cannot be disclosed to third parties for marketing purposes.