Data Breach Best Practice Guidelines
In 2006, the Kentucky General Assembly passed House Bill 341, which mandated the Kentucky Department of Education (KDE) to conduct a study of the requirements for data security and a notification process when a data breach occurs. Since that legislation, the threat and occurrence of data breaches have only increased.
While the House Bill 341 study has remained an effective cornerstone of guidance, new legislation (KRS 61.931, et seq. or "House Bill 5") has added clarity, definition, and direction.
This Act concerns the protections of personal information and applies to every state agency, including KDE, every public school district, and every vendor with which we have contracts. While this document incorporates best practice that we are all encouraged to follow, it also incorporates the "have to" actions from KRS 61.931, et seq. (HB5).
Data Security and Breach Notification Best Practice Guide.doc
Updates to the Data Breach Best Practice Guide
The Data Security and Breach Notification Best Practice Guide has been incorporated by reference to 702 KAR 1:170. Because of this, any changes or updates to the guide are restricted unless the KAR is formally opened for revision. Because this process typically takes several months, updates to the guide will be collected in the "Update to Data Security and Breach Notification Guide." These collected updates will be added to the guide on an annual or semi-annual basis.
Agency Data Breach Contact (last updated April, 2015)
- Kentucky Department of Education
Hackworth, Robert email@example.com
- Attorney General's Office
Winstead, Kevin (KYOAG) firstname.lastname@example.org
- Auditor of Public Accounts
Lykins, Brian (APA) email@example.com
- Finance and Administration Cabinet
Hendrix, Doug (Finance OGC) firstname.lastname@example.org
- Kentucky State Police
Bradly, John (KSP) email@example.com
- Kentucky Department of Library and Archives
Teague, Barbara (KDLA) Barbara.Teague@ky.gov
- Commonwealth Office of Technology
LeMay, Katrina (COT) firstname.lastname@example.org
Security guideline for Kentucky K-12 School districts
This document establishes a standard Security guideline for Kentucky K-12 School districts. The Kentucky State Auditor of Public Accounts (APA) performs an annual IT Security Audit for the Kentucky Department of Education that includes a security vulnerability scan and assessment of the KETS Network and all 174 Districts.
Security Best Practice.doc Security Best Practices.pdf
KETS Server Consolidation Virtualization Case Study
This study is based on the responses of six Kentucky school districts to a series of questions about their server consolidation virtualization projects. It is intended to provide planning information and help set expectations for other districts that are considering new virtualization projects or expansions of existing virtualization environments.
Server Consolidation Case Study.xls