InfoBytes Blog
Kansas enacts financial institutions information security act
On April 20, the Kansas governor signed SB 44 to enact the Kansas financial institutions information security act. The Act establishes information security standards for covered entities, and applies to credit service organizations, mortgage companies, supervised lenders, money transmitters, trust companies, and technology-enabled fiduciary financial institutions. A covered entity will be required to develop, implement, and maintain a cybersecurity system to protect consumer information, and must ensure its information security program is maintained as part of its books and records in compliance with established record retention requirements. Additionally, the state bank commissioner is granted the authority to adopt “all rules and regulations necessary to govern and administer the [Act’s] provisions.” The commissioner is also given an assortment of enforcement tools to administer the Act, including: conducting routine examinations; investigating a covered entity’s operations; issuing subpoenas; assessing fines and civil penalties not to exceed $5,000 per violation, as well as investigation and enforcement costs; censuring registered or licensed covered entities; entering into memorandums of understanding or consent orders; revoking, suspending, or refusing to renew the registration or license of covered entities; issuing cease-and-desist orders; filing for injunctions; or issuing emergency orders to prevent harm to consumers. The Act takes effect July 1.