Auditor Edelen told the Interim Joint Committee on State Government that Kentucky is one of four states that lack such a law. Alabama, New Mexico and South Dakota are the other three.
“Kentucky ought not to be among the bottom four states for giving its citizens a base level of assurance that they will be notified if their personal data is breached,” Auditor Edelen said. This is common sense and it is the right thing to do.”
Auditor Edelen described a massive breach that occurred in South Carolina last fall in which hackers swiped financial data belonging to 6.4 million consumers and businesses from the S.C. Department of Revenue. The breach cost South Carolina at least $30 million.
South Carolina was required to notify victims, but that would not have been the case had it occurred in Kentucky, Auditor Edelen said. Notifications allow victims to take steps to protect their finances, such as enrolling in credit monitoring and applying for a credit freeze.
Kentucky has already experienced cyber security breaches, although not on the same scale. Eastern European hackers stole more than $400,000 from a Kentucky county payroll account and a state agency last year accidentally posted more than 100 current and former employees’ social security numbers on a publicly-accessible website for two days.
The Auditor’s office already conducts cyber audits for state and other agencies and performs vulnerability assessments to detect security weaknesses and risks. The office has eight full-time employees who dedicate their time to performing IT audits and releases its findings annually in a report.
But Auditor Edelen said more must be done.
He said his office will work with the state’s information technology agency to help it strengthen the state’s cyber security and will continue to address risks to state agencies.
Auditor Edelen acknowledged that it the issue is huge in scale and continues to evolve, but says there are steps policymakers can take to strengthen cyber security in the Commonwealth.
“There is a strong level of cooperation between my office and the legislature after we worked together to pass special district reform earlier this year,” Auditor Edelen said. “I hope we can carry that spirit of cooperation forward to protect the sensitive data of hundreds of thousands of Kentuckians."
Information provided by the office of Adam H. Edelen
|< Prev||Next >|