WeVote

Bill

Bill

HB 662

AN ACT relating to personally identifiable information.

2025 Regular Session

Kentucky establishes mandatory data security standards and breach notification requirements for businesses handling personally identifiable information, creating consumer protections and organizational accountability.

signed by Governor (Acts Ch. 146)
0
WeVote Research Nonpartisan
Bill Summary · HB 662

Legislative bill overview

HB 662 is a Kentucky law (now Acts Ch. 146) that regulates the handling of personally identifiable information (PII) by businesses and organizations. The bill establishes requirements for data security, breach notification, and consumer protections regarding sensitive personal data.

Why is this important

Data breaches expose millions of Americans to identity theft and fraud annually, with Kentucky consumers previously lacking comprehensive state-level protections. This law creates enforceable standards for how organizations must safeguard PII and notify affected individuals when breaches occur, providing clearer accountability and consumer remedies.

Potential points of contention

  • Compliance burden: Small businesses may face significant costs implementing the security standards and notification procedures required by the law
  • Definition scope: Disputes may arise over what constitutes "personally identifiable information" and which organizations are covered, potentially creating loopholes
  • Notification timeline: Requirements for how quickly breaches must be reported could conflict with law enforcement investigation needs or create operational challenges for affected entities

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.