Kan. Stat. § 75-7240

Current through 2024 Session Acts Chapter 111 and 2024 Special Session Acts Chapter 4
Section 75-7240 - [Effective Until 7/1/2026] Executive branch agency heads; responsibilities related to security of data and information technology resources; reports, confidentiality; training; breach protocol; self-assessment reports
(a) The executive branch agency heads shall:
(1) Be responsible for security of all data and information technology resources under such agency's purview, irrespective of the location of the data or resources;
(2) designate an information security officer to administer the agency's information security program that reports directly to executive leadership;
(3) participate in CISO-sponsored statewide cybersecurity program initiatives and services;

(4) ensure that if an agency owns, licenses or maintains computerized data that includes personal information, confidential information or information, the disclosure of which is regulated by law, such agency shall, in the event of a breach or suspected breach of system security or an unauthorized exposure of that information:
(A) Comply with the notification requirements set out in K.S.A. 2023 Supp. 50-7a01 et seq., and amendments thereto, and applicable federal laws and rules and regulations, to the same extent as a person who conducts business in this state; and
(B) not later than 12 hours after the discovery of the breach, suspected breach or unauthorized exposure, notify:
(i) The CISO; and
(ii) if the breach, suspected breach or unauthorized exposure involves election data, the secretary of state.
(b) The director or head of each state agency shall:
(1) Participate in annual agency leadership training to ensure understanding of:
(A) The potential impact of common types of cyberattacks and data breaches on the agency's operations and assets;
(B) how cyberattacks and data breaches on the agency's operations and assets may impact the operations and assets of other governmental entities on the state enterprise network;
(C) how cyberattacks and data breaches occur; and
(D) steps to be undertaken by the executive director or agency head and agency employees to protect their information and information systems; and
(2) coordinate with the executive CISO to implement the security standard described in K.S.A. 75-7238, and amendments thereto.

K.S.A. 75-7240

Amended by L. 2024, ch. 95, § 36, eff. 7/1/2024.
Amended by L. 2023, ch. 91, § 6, eff. 7/1/2023.
Amended by L. 2023, ch. 75, § 15, eff. 7/1/2023.
Added by L. 2018, ch. 97, § 5, eff. 7/1/2018.

Revisor's Note:

Section was also amended by L. 2023, ch. 25, § 8, but that version was repealed by L. 2023, ch. 91, § 9.

This section is set out more than once due to postponed, multiple, or conflicting amendments.