Law: Please note this State does not have a general privacy law in effect, you can visit USA State Law Tracker to monitor the progress of US State bills.
Regulator: The Kentucky Attorney General ('AG')
Summary: Although Kentucky does not have a general privacy law, the Supreme Court of Kentucky has interpreted that the Constitution of Kentucky 1792 (as adopted in 1891) recognises the right of privacy. In addition, the State has various laws related to privacy such as §367.170 of Chapter 367 of Title XXIX of the KRS ('the Consumer Protection Act'), which refers to unfair, false, misleading, or deceptive acts or practices in the conduct of any trade or commerce as unlawful. The AG is charged with enforcement of the Consumer Protection Act, and is empowered to seek injunctive relief, sue for, collect, receive and take into their possession all property of the defendant, and ask for the appointment of a receiver to settle the estate of the defendant and distribute assets under the direction of the court. Under the Kentucky data breach notification law (§365.732 of Title XXIX of the KRS), a personal data breach must be notified to affected Kentucky residents and, if such breach affects more than 1,000 Kentucky residents, all consumer reporting agencies and credit bureaus that compile and maintain files on consumers on a nationwide basis.