Data Security Best Practice Guidelines

Published: 8/19/2016 12:51 PM

Data Breach Best Practice Guidelines

In 2006, the Kentucky General Assembly passed House Bill 341, which mandated the Kentucky Department of Education (KDE) to conduct a study of the requirements for data security and a notification process when a data breach occurs.   Since that legislation, the threat and occurrence of data breaches has only increased.

While the House Bill 341 study has remained an effective cornerstone of guidance, new legislation (KRS 61.931, et seq. or "House Bill 5") has added clarity, definition, and direction.

This Act concerns the protections of personal information and applies to every state agency, including KDE, every public school district, and every vendor with which we have contracts.   While this document incorporates best practice that we are all encouraged to follow, it as incorporates the "have to" actions from KRS 61.931, et seq. (HB5)
Data Security and Breach Notification Best Practice Guide.doc 


Updates to the Data Breach Best Practice Guide

The Data Security and Breach Notification Best Practice Guide has been incorporated by reference to 702 KAR 1:170.   Because of this, any changes or updates to the guide are restricted unless the KAR is formally opened for revision.   Because this process typically takes several months, updates to the guide will collected in the "Update to Data Security and Breach Notification Guide."   These collected updates ​will be added to the guide on an annual or semi-annual basis.


Agency Data Breach Contact (last updated August, 2016)

When a data breach notification form is sent to the KDE Data Breach Notification distribution list, the following agencies and contact receive the form: 
  1. ​Kentucky Department of Education
    Hackworth, Robert
  2. Attorney General's Office
    Winstead, Kevin (KYOAG)
  3. Auditor of Public Accounts
     (APA) Carlin, Libby (APA)
  4. Finance and Administration Cabinet
    Bishop, Cary (Finance OGC)
  5. Kentucky State Police
    Bradly, John (KSP)
  6. Kentucky Department of Library and Archives
    Casey-Goode, Georgiana (KDLA)
  7. Commonwealth Office of Technology
    Carter, David (COT)

State contract holder for security services

SDGblue, LLC is the current state contract holder.


Security guideline for Kentucky K-12 School districts

This document establishes a standard Security guideline for Kentucky K-12 School districts. 

Security Best Practice.doc  Security Best Practices.pdf

District Planning Guide for Disaster Recovery

This Planning Guide is a high-level checklist intended to assist Kentucky’s public schools create effective disaster recovery plans.

Robert Hackworth
Office of Knowledge, Information and Data Services
Division of Engineering and Management Services
300 Sower Blvd., 4th Floor
Frankfort, KY 40601
502-564-2020 ext. 2436
Fax: 502-564-1519