Introduction to Kentucky Privacy Rights
Kentucky residents face a complex privacy landscape where state laws, federal regulations, and constitutional protections intersect to safeguard personal information. Unlike comprehensive privacy law states such as California, Virginia, or Colorado, Kentucky has not enacted a broad consumer privacy statute. Instead, privacy protections in the Commonwealth exist through sector-specific laws addressing data breaches, identity theft, credit reporting, and government records access.
The Kentucky Constitution provides foundational privacy protections, particularly through Section 10, which mirrors the Fourth Amendment's protection against unreasonable searches and seizures. However, these constitutional provisions primarily govern government conduct rather than private sector data practices. Kentucky residents must navigate a patchwork of federal laws like HIPAA, FCRA, and COPPA, supplemented by Kentucky-specific statutes that address data security breaches, criminal records dissemination, and public records access.
Compared to leading privacy protection states, Kentucky maintains a more business-friendly regulatory environment with fewer mandated consumer data rights. The state has not adopted biometric privacy laws, comprehensive data minimization requirements, or universal opt-out mechanisms for data sales. Kentucky's approach emphasizes transparency through breach notification requirements under KRS 61.931 and 61.932, while relying heavily on federal frameworks for healthcare, financial, and children's privacy protection. This creates both opportunities and challenges for Kentucky residents seeking to control their personal information in an increasingly digital economy where data collection, aggregation, and monetization continue to expand.
Kentucky's State Privacy Laws
Kentucky's privacy legal framework consists primarily of sector-specific statutes rather than comprehensive consumer privacy legislation. The most significant state-level privacy protection comes through Kentucky's data breach notification law, codified in KRS Chapter 61.931 and 61.932.
Under KRS 61.931, any "information holder" that owns, licenses, or maintains computerized personal information must implement and maintain reasonable security measures to protect that information from unauthorized access, use, modification, or disclosure. "Personal information" is defined as an individual's first name or initial and last name combined with any one or more of the following: Social Security number, driver's license number, state ID card number, or account/credit/debit card numbers with required security codes. This statute applies to both governmental entities and private businesses operating in Kentucky.
The companion statute, KRS 61.932, establishes Kentucky's data breach notification requirements. When a security breach occurs involving unencrypted personal information, information holders must notify affected Kentucky residents "without unreasonable delay." The notification must include: the date of the breach, a description of the personal information compromised, contact information for consumer reporting agencies, and advice to remain vigilant for signs of identity theft. If the breach affects more than 1,000 Kentucky residents, the information holder must also notify the Attorney General, all consumer reporting agencies, and, when applicable, the owner or licensee of the breached data.
KRS 365.732 through 365.737 address identity theft protections and remedies. These statutes allow identity theft victims to file police reports, place security freezes on credit reports, and obtain expedited correction of fraudulent information in their records. Under KRS 365.734, consumer reporting agencies must place security freezes within five business days of receiving a request from a Kentucky resident, and the freeze must remain in effect until the consumer requests its removal.
Employee privacy in Kentucky is governed by both federal law and limited state protections. KRS 344.040 prohibits employment discrimination but does not create broad workplace privacy rights. Kentucky has not enacted comprehensive employee monitoring notification laws, meaning employers generally may monitor employee communications, computer usage, and workplace activities without prior consent, provided such monitoring serves legitimate business purposes. However, KRS 61.872(1) protects certain public employee records from disclosure, including personal information in personnel files.
Financial privacy in Kentucky is primarily governed by federal law, particularly the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA). Kentucky has not enacted state-specific financial privacy statutes beyond its general data breach notification requirements. However, KRS 286.8-020 requires Kentucky financial institutions to implement information security programs, complementing federal requirements.
KRS 434.840 through 434.860 criminalize various forms of identity theft and unauthorized access to computer systems. These statutes impose criminal penalties on individuals who knowingly access, misuse, or disclose personal information without authorization, providing enforcement mechanisms for privacy violations that rise to criminal conduct.
Freedom of Information / Open Records in Kentucky
Kentucky's public records law is formally known as the Kentucky Open Records Act, codified in KRS 61.870 through 61.884. This statute establishes that all public records are open for inspection by any person unless specifically exempted by law, reflecting Kentucky's constitutional commitment to government transparency under Section 14 of the Kentucky Constitution.
Under KRS 61.870(2), "public records" include all books, papers, maps, photographs, cards, tapes, discs, diskettes, recordings, software, or other documentation regardless of physical form or characteristics, which are prepared, owned, used, in the possession of, or retained by a public agency. This definition encompasses both traditional paper records and electronic information, including emails, text messages, and database records maintained by government entities.
To request records under the Kentucky Open Records Act, requesters must submit a written request to the official custodian of the records at the specific public agency. KRS 61.872(2) requires requests to "precisely describe" the records sought. The request need not cite the Open Records Act or explain the purpose for seeking records. Upon receiving a request, the agency must respond within five business days, either providing access to the records, denying the request with specific statutory justification, or explaining that additional time is needed to locate or review voluminous records.
Kentucky law establishes numerous exemptions to public disclosure. KRS 61.878(1) lists thirteen categories of exempt records, including: records containing information of a personal nature where public disclosure would constitute an unreasonable invasion of personal privacy (subsection (a)); records confidentially disclosed to an agency and generally recognized as confidential or proprietary (subsection (c)(1)); and preliminary drafts, notes, correspondence, and memoranda (subsection (i)). Additional exemptions appear throughout Kentucky statutes, including educational records under KRS 160.700, victim information under KRS 17.150, and protected health information under KRS 61.878(1)(a).
Fee schedules under the Kentucky Open Records Act are regulated by KRS 61.874. Agencies may charge actual costs for copying records, which the Attorney General has interpreted to mean the incremental cost of materials, supplies, and labor. Most agencies charge between $0.10 and $0.25 per page for paper copies. Agencies may charge reasonable fees for programming and staff time required to produce records in alternative formats, though they cannot charge for staff time spent reviewing records to determine whether exemptions apply. Requesters may inspect records without charge, and many agencies now provide records electronically at minimal or no cost.
The appeals process for denied requests follows KRS 61.880. Requesters who receive denials may appeal to the Kentucky Attorney General's Office within 30 days. The Office of the Attorney General issues Open Records Decisions interpreting the law and directing agencies to release or withhold records. These decisions create persuasive precedent, though they are not binding court orders. If dissatisfied with the Attorney General's decision, either party may appeal to Circuit Court within 30 days under KRS 61.882. Courts may award attorney fees and costs to requesters who substantially prevail in litigation.
HIPAA and Health Privacy
The Health Insurance Portability and Accountability Act (HIPAA) establishes baseline federal privacy protections for protected health information (PHI) throughout the United States, including Kentucky. HIPAA's Privacy Rule applies to covered entities—healthcare providers, health plans, and healthcare clearinghouses—operating in Kentucky, requiring patient authorization before disclosing PHI for most purposes beyond treatment, payment, and healthcare operations.
Kentucky has supplemented HIPAA protections through state-specific statutes. KRS 422.317 governs the confidentiality of HIV and AIDS testing information, imposing stricter protections than HIPAA requires. Healthcare providers and laboratories may not disclose HIV test results without written, informed consent from the patient, except in limited circumstances involving healthcare personnel exposure or court orders. Violations constitute a Class A misdemeanor, creating criminal liability beyond HIPAA's civil penalties.
KRS 202A.091 protects mental health treatment records, requiring written consent before disclosure of psychiatric and psychological treatment information. This statute applies to public and private mental health facilities and individual practitioners. Similarly, KRS 222.231 establishes confidentiality protections for alcohol and substance abuse treatment records, paralleling federal protections under 42 CFR Part 2 but providing state-level enforcement mechanisms.
Kentucky patients can access their medical records under both HIPAA and KRS 422.315, which specifically grants patients the right to examine and copy their healthcare records. Healthcare providers must respond to access requests within fifteen days under Kentucky law, though HIPAA permits up to thirty days. Providers may charge reasonable fees for copying, which Kentucky law limits to actual costs. Under KRS 422.320, patients may request amendments to their medical records, and providers must either make the amendment or provide a written explanation for refusing within sixty days.
The Kentucky Cabinet for Health and Family Services oversees certain aspects of health privacy enforcement within the Commonwealth, particularly for state-operated healthcare facilities and Medicaid programs. However, primary HIPAA enforcement authority remains with the U.S. Department of Health and Human Services Office for Civil Rights. Kentucky residents who believe their health privacy rights have been violated should file complaints with both state and federal authorities to ensure comprehensive investigation.
Consumer Data Privacy Rights
Kentucky residents do not currently enjoy comprehensive consumer data privacy rights comparable to those established under California's Consumer Privacy Act or similar legislation in other states. Kentucky has not enacted a general consumer privacy statute granting rights to access, delete, correct, or opt out of the sale of personal information collected by businesses. Instead, Kentucky consumers must rely on federal frameworks and sector-specific protections.
Under the federal Fair Credit Reporting Act (FCRA), Kentucky residents have specific rights regarding information collected and maintained by consumer reporting agencies. Consumers may request free annual credit reports from Equifax, Experian, and TransUnion through AnnualCreditReport.com. Kentucky residents also have the right to dispute inaccurate information, and consumer reporting agencies must investigate disputes within thirty days. Under KRS 367.310, Kentucky provides additional protections by requiring debt collectors to cease communications upon written request and prohibiting various deceptive collection practices.
Kentucky residents can exercise data privacy rights through several practical mechanisms. For credit reporting, KRS 365.734 allows consumers to place security freezes on their credit files, preventing new creditors from accessing credit reports without explicit authorization. Security freezes provide strong protection against identity theft and unauthorized account openings. Consumer reporting agencies must implement freezes within five business days and remove them within three business days of receiving proper authorization.
Removing information from data broker websites requires individual opt-out requests to each company. Major people-search sites like Spokeo, BeenVerified, Whitepages, Intelius, and TruthFinder maintain opt-out procedures, typically accessible through privacy policy pages. However, Kentucky law does not mandate that data brokers honor removal requests or provide centralized opt-out mechanisms. Consumers must persistently monitor and request removal from multiple databases, as information often reappears when brokers acquire updated records from public sources.
The federal Telephone Consumer Protection Act (TCPA) provides Kentucky residents with rights to opt out of telemarketing calls and text messages. Consumers can register phone numbers on the National Do Not Call Registry at DoNotCall.gov. Additionally, the CAN-SPAM Act grants rights to unsubscribe from commercial emails. Kentucky has not enacted state-specific telemarketing or email privacy laws beyond federal requirements.
For online privacy, Kentucky residents should understand that websites and apps generally may collect, use, and share personal information as disclosed in privacy policies, absent specific legal restrictions. Kentucky consumers lack statutory rights to opt out of targeted advertising, demand data deletion, or prevent data sales unless companies voluntarily provide these options. Residents concerned about online tracking should utilize browser privacy settings, virtual private networks (VPNs), and privacy-focused tools like ad blockers and tracking protection features.
Kentucky's data breach notification law (KRS 61.932) provides reactive protections by requiring businesses to notify consumers when personal information is compromised. Upon receiving breach notifications, Kentucky residents should immediately place fraud alerts or security freezes on credit reports, monitor financial accounts for suspicious activity, and consider identity theft protection services. The Kentucky Attorney General's Office maintains resources for identity theft victims at ag.ky.gov.
Employment Background Checks & Privacy
Kentucky employers conducting background checks on job applicants and employees must comply with both federal and state regulations. The federal Fair Credit Reporting Act (FCRA) governs most employment background checks, requiring employers to obtain written authorization before procuring consumer reports and providing adverse action notices when denying employment based on report contents.
Kentucky has not enacted comprehensive "ban-the-box" legislation prohibiting employers from inquiring about criminal history on initial job applications. However, Executive Order 2017-022 applies to executive branch state agencies, directing them to remove criminal history questions from initial employment applications and delay criminal background checks until conditional job offers are extended. This order does not apply to private employers or positions where law prohibits hiring individuals with specific criminal convictions.
Under KRS 61.872 to 61.884, Kentucky Open Records Act exemptions protect certain employment-related information in government agency files. Personal information in public employee personnel files, including Social Security numbers, home addresses, telephone numbers, and financial disclosure information, is exempt from public disclosure under KRS 61.878(1)(a). However, public employee names, positions, salaries, and work locations generally remain public records.
KRS 335B.020 regulates consumer reporting agencies operating in Kentucky and complements federal FCRA requirements. The statute requires consumer reporting agencies to maintain reasonable procedures ensuring maximum possible accuracy in consumer reports. Kentucky consumers who discover inaccuracies in employment background checks may dispute errors directly with reporting agencies, which must investigate within thirty days and correct or delete unverifiable information.
Kentucky employers generally may access criminal records through the Kentucky State Police Criminal Records Check system. KRS 17.165 and 17.170 authorize criminal history checks for employment purposes in certain industries, including healthcare, education, and positions involving vulnerable populations. The Kentucky State Police maintains the online Criminal History Record Check system at kentuckystatepolice.org, allowing employers and individuals to request criminal history reports.
Criminal records in Kentucky remain accessible indefinitely unless expunged through legal proceedings. KRS 431.073 through 431.079 establish expungement procedures for eligible offenses. Misdemeanor convictions may be expunged five years after completion of sentence, while certain Class D felonies may be expunged five years after completion. Violent offenses, sex crimes, and offenses involving victims under sixteen are generally ineligible for expungement. Individuals with expunged records may legally deny the existence of the arrest and conviction for most purposes, including employment applications.
To dispute inaccurate background check information, Kentucky residents should first contact the consumer reporting agency that generated the report, providing documentation supporting the dispute. Under FCRA, agencies must investigate within thirty days. If the agency does not correct errors, consumers may add explanatory statements to their files and file complaints with the Federal Trade Commission and the Kentucky Attorney General's Consumer Protection Division. For inaccurate criminal records maintained by Kentucky State Police, individuals should contact the Criminal Identification and Records Branch to request corrections, providing court documentation supporting the necessary changes.
Protecting Yourself in Kentucky
Kentucky residents can take proactive steps to protect personal privacy and minimize exposure of sensitive information through systematic action across multiple domains. The following practical guide provides specific procedures for enhancing privacy protection within the Commonwealth.
Opting Out of People-Search Sites
Begin by identifying which people-search websites display your information. Search your name, phone numbers, and addresses on major sites including Spokeo, Whitepages, BeenVerified, Intelius, TruthFinder, PeopleFinders, and MyLife. Each site maintains separate opt-out procedures, typically found in privacy policies or help sections. Most require you to locate your listing, copy the URL, and submit removal requests through online forms. Document each request with screenshots and confirmation numbers. Re-check sites quarterly, as information often reappears from public record sources. Consider using privacy services like DeleteMe or Privacy Duck, which automate ongoing opt-out requests for subscription fees ranging from $100-300 annually.
Freezing Credit Reports
Under KRS 365.734, place security freezes with all three major credit bureaus: Equifax (equifax.com/personal/credit-report-services/), Experian (experian.com/freeze/center.html), and TransUnion (transunion.com/credit-freeze). Online freeze requests process within one business day. Provide your name, address, date of birth, and Social Security number. Each bureau issues a unique PIN or password for managing your freeze. Security freezes remain in effect until you temporarily lift or permanently remove them. Freezes prevent new creditors from accessing your credit file, blocking most identity thieves from opening fraudulent accounts. Kentucky law prohibits credit bureaus from charging fees for placing, lifting, or removing security freezes.
Requesting Record Sealing and Expungement
Kentucky residents with eligible criminal records may petition for expungement under KRS 431.073 through 431.079. Determine eligibility based on offense type and time since completion of sentence—generally five years for misdemeanors and certain Class D felonies. Obtain your Kentucky criminal history from the State Police Criminal Identification and Records Branch (kentuckystatepolice.org). File an expungement petition in the court where the conviction occurred, paying filing fees typically ranging from $100-300. The Commonwealth's Attorney receives notice and may object. Courts schedule hearings to determine whether expungement serves the interests of justice and the defendant's rehabilitation. If granted, courts order all agencies to seal records, though some law enforcement and professional licensing boards retain limited access.
Removing Information from Public Records
Contact county clerks to inquire about redacting addresses from property records under KRS 382.135, which permits certain officials, judges, and law enforcement personnel to request confidentiality. Most Kentucky residents cannot remove accurate information from legitimate public records but can request corrections of factual errors. Contact the specific agency maintaining incorrect records—county clerks for property records, circuit court clerks for civil court records, or state agencies for licensing records. Submit written correction requests with supporting documentation.
Contacting Key Privacy Protection Agencies
Kentucky Attorney General's Consumer Protection Division handles consumer privacy complaints and identity theft reports. Contact them at (888) 432-9257 or ag.ky.gov. The Kentucky State Police Criminal Identification and Records Branch manages criminal history records and corrections at (502) 564-5230. For federal privacy violations, contact the Federal Trade Commission at identitytheft.gov for identity theft assistance or ftc.gov/complaint for general consumer complaints. Report HIPAA violations to the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr/privacy/.
Additional Privacy Protection Measures
Register phone numbers on the National Do Not Call Registry at donotcall.gov to reduce telemarketing calls. Configure privacy settings on social media platforms to limit public visibility of personal information. Use strong, unique passwords for each online account, stored in a password manager. Enable two-factor authentication wherever available. Review privacy policies before providing personal information to businesses. Shred documents containing sensitive information before disposal. Monitor bank and credit card statements monthly for unauthorized transactions. Review annual credit reports from AnnualCreditReport.com for accounts you did not open.
Kentucky Data Breach Notification
Kentucky's data breach notification law, codified in KRS 61.932, establishes comprehensive requirements for information holders who experience security breaches involving personal information. This statute applies to both government agencies and private businesses that own, license, or maintain personal information about Kentucky residents.
Under the statute, "personal information" means an individual's first name or initial and last name in combination with any one or more of the following: Social Security number, driver's license number, state identification card number, or financial account numbers (including credit and debit card numbers) combined with required security codes or passwords. The information must be unencrypted or not protected by another method that renders it unreadable or unusable.
When a security breach occurs, information holders must notify affected Kentucky residents "without unreasonable delay." Kentucky law does not specify an exact timeframe in days, giving the statute flexibility but requiring prompt action once the breach is discovered and investigated. Courts and regulatory authorities interpret "unreasonable delay" based on circumstances, but notifications typically must occur within 30 to 60 days of breach discovery.
Required notification elements include: the date of the breach or estimated date if exact timing is unknown; a description of the categories of personal information compromised; contact information for the three major consumer reporting agencies (Equifax, Experian, TransUnion); advice to remain vigilant for signs of identity theft and fraud; contact information for the information holder; and, when applicable, a description of remedial measures the information holder is taking.
When a breach affects more than 1,000 Kentucky residents, KRS 61.932(2)(c) requires information holders to also notify: the Kentucky Attorney General's Office, all consumer reporting agencies, and the owner or licensee of the breached data (if the information holder does not own the data). This expanded notification requirement enables regulatory oversight of significant breaches and allows credit bureaus to implement protective monitoring.
Information holders may provide notifications through multiple methods: written notice mailed to last known addresses, electronic notice if consistent with provisions regarding electronic records in the Uniform Electronic Transactions Act (KRS 369.101 to 369.120), or substitute notice when contact information is insufficient or the cost of notification exceeds $250,000. Substitute notice must include email notice if email addresses are available, conspicuous posting on the information holder's website, and notification to major statewide media.
Penalties for violating Kentucky's data breach notification law may include civil liability under the Kentucky Consumer Protection Act (KRS 367.170), which authorizes the Attorney General to seek injunctions and civil penalties up to $2,000 per violation. Additionally, affected individuals may pursue civil lawsuits for damages resulting from notification failures. While Kentucky statutes do not specify criminal penalties for breach notification violations, related offenses like identity theft under KRS 434.840 through 434.860 carry criminal sanctions.
Children's Privacy in Kentucky
Children's privacy in Kentucky receives protection through federal laws supplemented by state-specific provisions for educational records and child welfare information. The federal Children's Online Privacy Protection Act (COPPA) applies nationwide, requiring operators of websites and online services directed to children under 13 to obtain verifiable parental consent before collecting personal information. The Federal Trade Commission enforces COPPA, and Kentucky-based businesses operating child-directed websites must comply with these requirements.
The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records in Kentucky schools receiving federal funding. Under FERPA, parents have rights to inspect and review education records, request amendments, and control disclosures of personally identifiable information. Once students reach age 18 or attend postsecondary institutions, FERPA rights transfer to the students themselves. Kentucky schools must annually notify parents and eligible students of their FERPA rights.
KRS 160.700 supplements FERPA by establishing Kentucky-specific protections for student records. This statute prohibits school districts from releasing student records without parental consent except in circumstances permitted by FERPA, including disclosures to school officials with legitimate educational interests, other schools to which students transfer, and in compliance with judicial orders. Kentucky schools must maintain logs of record disclosures and make them available to parents upon request.
KRS 620.050 protects the confidentiality of child abuse and neglect records maintained by the Cabinet for Health and Family Services. These records remain confidential and may not be disclosed except to persons or agencies with legitimate interests in case assessment, investigation, or treatment. Unauthorized disclosure constitutes a Class B misdemeanor, reflecting Kentucky's strong policy protecting children involved in protective services.
The Kentucky Department of Education maintains the Kentucky Student Information System (KSIS), which collects student data from local school districts. Under KRS 158.6453, this data receives statutory confidentiality protections. The Department may not release personally identifiable student information without parental consent, except for legitimate educational research purposes where researchers agree to confidentiality terms and data is de-identified when possible.
Kentucky parents concerned about their children's privacy should annually review and limit directory information designations at their children's schools. FERPA permits schools to release "directory information" (names, addresses, phone numbers, dates of birth, grade levels, participation in activities, awards) without consent unless parents opt out. Kentucky parents should submit written opt-out requests to school administrators at the beginning of each academic year.
Frequently Asked Questions
Does Kentucky have a comprehensive consumer privacy law like California's CCPA?
No, Kentucky has not enacted comprehensive consumer privacy legislation. Kentucky residents do not have statutory rights to access, delete, or opt out of the sale of personal information collected by businesses. Privacy protections in Kentucky come from sector-specific state laws addressing data breaches, identity theft, and public records, supplemented by federal laws like HIPAA, FCRA, and COPPA. Kentucky consumers seeking California-style privacy rights must wait for future legislation or rely on company privacy policies that voluntarily extend privacy rights to all U.S. consumers.
How long does a Kentucky government agency have to respond to an Open Records request?
Under KRS 61.872(2), Kentucky public agencies must respond to Open Records requests within five business days of receiving the request. The response must either grant access to the records, deny the request with specific legal justification, or explain that additional time is needed to locate or review voluminous records. If additional time is needed, agencies must provide a detailed explanation and a specific date when records will be available, which courts generally interpret as permitting reasonable extensions based on request complexity.
Can I expunge my criminal record in Kentucky?
Kentucky permits expungement of certain criminal records under KRS 431.073 through 431.079. Misdemeanor convictions may be expunged five years after completing your sentence, including probation and fines. Certain Class D felonies are eligible for expungement five years after sentence completion. However, violent offenses, sex crimes, offenses against minors, DUI convictions, and most felonies are not eligible for expungement. You must petition the court where you were convicted, and the Commonwealth's Attorney may object. Courts consider factors including rehabilitation, time since offense, and public interest when deciding expungement petitions.
What must Kentucky businesses do when they experience a data breach?
Under KRS 61.932, Kentucky businesses that experience breaches of unencrypted personal information must notify affected Kentucky residents "without unreasonable delay." Notifications must include the breach date, types of information compromised, consumer reporting agency contact information, and advice to monitor for identity theft. If more than 1,000 Kentucky residents are affected, businesses must also notify the Kentucky Attorney General, major consumer reporting agencies, and data owners. Failure to provide required notifications may result in civil penalties under the Kentucky Consumer Protection Act and potential civil liability to affected individuals.
How do I place a security freeze on my credit in Kentucky?
Under KRS 365.734, Kentucky residents may place security freezes on credit reports by contacting each of the three major credit bureaus: Equifax, Experian, and TransUnion. You can request freezes online, by phone, or by mail. Provide your name, address, date of birth, and Social Security number. Credit bureaus must implement freezes within five business days (one business day for online requests) and provide you with a unique PIN or password to manage the freeze. Kentucky law prohibits bureaus from charging fees for placing, lifting, or removing security freezes. Freezes remain in effect until you remove them and prevent most creditors from accessing your credit file.
Are Kentucky employers required to remove criminal history questions from job applications?
Kentucky has not enacted statewide "ban-the-box" legislation applicable to private employers. However, Executive Order 2017-022 requires executive branch state agencies to remove criminal history questions from initial employment applications and delay criminal background checks until conditional offers are extended. This order does not apply to private employers or positions where statutes prohibit hiring individuals with specific convictions. Some Kentucky cities have considered local ban-the-box ordinances, but no major jurisdiction has enacted comprehensive restrictions. Private employers generally may inquire about criminal history during initial applications, subject to federal EEOC guidance regarding discriminatory use of criminal records.
Can I remove my address from Kentucky property records?
Kentucky property records maintained by county clerks are generally public under the Kentucky Open Records Act. KRS 382.135 permits certain individuals—including active and retired peace officers, judges, prosecutors, and public defenders—to request confidentiality for their addresses in property records by submitting written requests to county clerks. Most Kentucky residents do not qualify for this statutory protection and cannot remove accurate addresses from property records. However, you can request that data brokers and people-search websites remove your information, reducing the visibility of your address even though it remains in official public records. County clerks must correct factual errors in property records when you provide supporting documentation.
What are my rights if I receive a data breach notification in Kentucky?
Upon receiving a data breach notification, Kentucky residents should immediately take protective action. You have the right to place fraud alerts or security freezes on your credit reports at no cost under KRS 365.734. Request free credit reports from AnnualCreditReport.com and review them for unauthorized accounts. Monitor financial accounts for suspicious transactions. Consider enrolling in credit monitoring services, which breached companies often provide free for affected individuals. Document all correspondence regarding the breach. You may have grounds for civil litigation if the breached entity failed to implement reasonable security measures or provide timely notification. Report identity theft to the Kentucky Attorney General's Consumer Protection Division at (888) 432-9257 and file reports with local police and the Federal Trade Commission at IdentityTheft.gov.