KANSAS
FINES & PENALTIES
Violations
Attorney Gen. may bring action
BREACH NOTIFICATION
Mandated Timeframe
Without unreasonable delay
BREACH REPORTING
There are specific considerations when determining if a breach is reportable. Notifications may only be given by specific methods. If notification is required to more than 1,000 persons, all consumer reporting agencies must be notified with specific information without unreasonable delay.
CONSUMER NOTIFICATION
If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
FINES & PENALTIES
The Attorney General may bring actions for civil relief for security breach violations. Organizations may be fined or penalized for Vendor violations. Violations of protection and disposal requirements are considered an unconscionable act or practice. Organizations may be fined or penalized for Vendor violations.
INDUSTRY SPECIFIC LAWS
For violations of the security breach statute by an insurance company licensed to do business in this state, the Insurance Commissioner shall have the sole enforcement authority. A covered entity must provide an individual or such individual’s personal representative with access to the individual’s protected health information. They must also implement and maintain appropriate administrative, technical and physical safeguards to protect the privacy of protected health information.
PRIVACY PROGRAM
Organizations and Vendors who maintain or possess records containing personal information must have procedures and practices in place for the protection of personal information. Organizations and Vendors who maintain or possess records containing personal information must have measures in place for the destruction of any records containing personal information.
VENDOR/3RD PARTIES
If a Vendor is breached, they must notify the Organization. The Organization will be responsible to complete any required regulatory and consumer breach notifications.