Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Kansas: Governor signs cybersecurity bill into law
The Governor of Kansas, Laura Kelly, announced, on 18 April 2023, that they had signed into law House Bill No. 2019 for An Act concerning information technology ('the Act'). In particular, the Act, among other things, lays down requirements for reporting significant cybersecurity incidents by entities maintaining personal information provided by the State of Kansas or using information systems operated by the same.
More specifically, the Act requires any public entity that has a significant cybersecurity incident to notify the Kansas Information Security Office ('KISO') within 12 hours after the discovery of such an incident. Similarly, the Act mandates that any government contractor that has a significant cybersecurity incident that involves the confidentiality, integrity, or availability of personal information or confidential information provided by the State of Kansas, networks, or information systems operated by or on behalf of the State of Kansas, shall notify the KISO:
- within 72 hours after reasonably believing that such a significant cybersecurity incident occurred; or
- if a determination is made during the investigation that such information, networks, or systems were directly impacted, notify the KISO within 12 hours after such determination is made.
In addition, the Act establishes that, before 1 October 2023, the KISO shall release on its website instructions for submitting the cybersecurity reports note above.
Moreover, the Act provides for the definition of key terms, such as 'government contractor', which means an individual or private entity that performs work for, or on behalf of, the State of Kansas on a contract basis, and that has access to or is hosting state networks, systems, application, or information.
Further, the Governor stated that "In today's digital world, it is essential to ensure cybersecurity measures are in place to protect communities across Kansas. I am pleased to sign House Bill 2019, a bipartisan solution that protects privacy and taxpayer dollars by improving our ability to prevent and respond to cybersecurity attacks".
Finally, the Act will become effective on 1 July 2023.
You can read the announcement here, the Act here, and view its history here.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
