Skip to main content
CourtGPT logoCourtGPT
Directory
Law
For Attorneys
Blog
AppointmentsSign InSign Up
§ 380.070 — Kentucky Law | CourtGPT
  1. Home/
  2. Laws/
  3. Kentucky/
  4. Chapter 380 - Debt Adjusting/
  5. § 380.070
Kentucky Legal Code

§ 380.070

Ask AI about this
380.0 70 Debt adjuster to take reasonable measures to protect debtor's personal information. (1) A debt adjuster shall take reasonable measures to: (a) Ensure the security and confidentiality of a debtor's personal information; (b) Protect against any anticipa ted threats or hazards to the security or integrity of a debtor's personal information; and (c) Protect against unauthorized access to or use of a debtor's personal information. (2) The reasonable measures required by this section shall include, at a minim um: (a) Design and implementation of a comprehensive information security program that: 1. Is written in one (1) or more readily accessible parts; 2. Contains administrative, technical, and physical safeguards that are appropriate to the size and complexit y of the debt adjuster, the nature and scope of the debt adjuster's activities, and the sensitivity of any personal information at issue; 3. Designates one (1) or more employees to coordinate compliance with the information security program; and 4. Identif ies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of the personal information of a debtor that could result in the

ecurity program; and 4. Identif ies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of the personal information of a debtor that could result in the unauthorized access to or use of the information, and assesses the sufficiency of any sa feguards in place to control these risks. At a minimum, the risk assessment required by this subparagraph shall include consideration of risks in each relevant area of the debt adjuster's operation, including employee training and management, information s ystems, information processing, information storage, information transmission, information disposal, and detecting, preventing, and responding to failures to comply with the information security program. (b) Design and implementation of information safegua rds to control the risks identified by the risk assessment required by this subsection, as well as regular testing or other monitoring of the effectiveness of the safeguards of key controls, systems, and procedures; (c) Requirements for regular training of employees who will or may have access to records containing personal information of debtors regarding compliance with the information

systems, and procedures; (c) Requirements for regular training of employees who will or may have access to records containing personal information of debtors regarding compliance with the information security program required by this subsection; (d) Oversight of service providers to whom personal information of a debtor will be disclosed, by taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the personal information at issue, as well as requiring service providers, by contract, to implement and mainta in those safeguards; (e) Evaluation and adjustment of the information security program in light of the results of testing and monitoring, any material changes to the operation or business arrangements of the debt adjuster, or any other circumstances that t he debt adjuster knows or has reason to know may have a material impact on compliance with the information security program; and (f) A requirement that when records containing personal information of a debtor are disposed of the records shall be shredded, erased, or otherwise modified so the personal information is made unreadable or indecipherable through any

s containing personal information of a debtor are disposed of the records shall be shredded, erased, or otherwise modified so the personal information is made unreadable or indecipherable through any means. Effective: July 15, 2010 History: Created 2010 Ky. Acts ch. 86, sec. 7, effective July 15, 2010.