In The Data Breach Regulatory Derby – Kentucky Loses Out to Iowa
Mahmood Sher-jan writes:
Put on your fancy hat and pour a mint julep: the annual spectacle of equestrian prowess and creative horse names is upon us. While this Saturday marks the 140th Kentucky Derby, another landmark event occurred earlier this spring in the bluegrass state: Kentucky entered the “data breach regulatory derby” and became the 47th state to enact a data breach notification law. If we were to handicap the race, this latest derby entrant is going to lose to Iowa’s recently-amended breach law, SB 2252. Next to Iowa’s new law, Kentucky is looking a bit coltish, if you will. Here’s why:
While Kentucky’s law is generally not as consumer-friendly or protective as many other states’ laws, Sher-jan does note one unusual and commendable aspect of the law:
While Kentucky’s laggard law lacks some punch, it has one wild-card element in the special attention it pays towards student data.
Law Aims to Protect Student Data
As noted, the law extends special provisions aimed at protecting student data at both public and private educational institutions in the cloud. The National Law Review reports that for the purposes of the law, student data is defined as
any information or material, in any medium or format, that concerns a student and is created or provided by the student in the course of the student’s use of cloud computing services, or by an agent or employee of the educational institution in connection with the cloud computing services. Student data includes the student’s name, email address, email messages, postal address, phone number, and any documents, photos, or unique identifiers relating to the student.
Read more on IDexperts.