Executive branch agency heads; responsibilities related to security of data and information technology resources; confidentiality of reports; training; breach of system security.

K.S.A. 75-7240 — under INFORMATION TECHNOLOGY.

K.S.A. 75-7240

75-7240. Executive branch agency heads; responsibilities related to security of data and information technology resources; confidentiality of reports; training; breach of system security. (a) The executive branch agency heads shall: (1) Be responsible for security of all data and information technology resources under such agency's purview, irrespective of the location of the data or resources; (2) designate an information security officer to administer the agency's information security program that reports directly to executive leadership; (3) participate in CISO-sponsored statewide cybersecurity program initiatives and services; (4) ensure that if an agency owns, licenses or maintains computerized data that includes personal information, confidential information or information, the disclosure of which is regulated by law, such agency shall, in the event of a breach or suspected breach of system security or an unauthorized exposure of that information: (A) Comply with the notification requirements set out in K.S.A. 50-7a01 et seq., and amendments thereto, and applicable federal laws and rules and regulations, to the same extent as a person who conducts business in this state; and (B) not later than 12 hours after the discovery of the breach, suspected breach or unauthorized exposure, notify: (i) The CISO; and (ii) if the breach, suspected breach or unauthorized exposure involves election data, the secretary of state. (b) The director or head of each state agency shall: (1) Participate in annual agency leadership training to ensure understanding of: (A) The potential impact of common types of cyberattacks and data breaches on the agency's operations and assets; (B) how cyberattacks and data breaches on the agency's operations and assets may impact the operations and assets of other governmental entities on the state enterprise network; (C) how cyberattacks and data breaches occur; and (D) steps to be undertaken by the executive director or agency head and agency employees to protect their information and information systems; and (2) coordinate with the executive CISO to implement the security standard described in K.S.A. 75-7238, and amendments thereto. History: L. 2018, ch. 97, § 5; L. 2023, ch. 75, § 15; L. 2023, ch. 91, § 6; L. 2024, ch. 95, § 36; July 1. Revisor's Note: CAUTION: Section was further amended L. 2024, ch. 95, § 37, to be effective on July 1, 2026. Section was also amended by L. 2023, ch. 25, § 8, but that version was repealed by L. 2023, ch. 91, § 9. Previous | Next LEGISLATIVE COORDINATING COUNCIL General Policies 2026 Archived LCC Documents Archived LCC Meetings REVISOR OF STATUTES Archived Session Documents Archived School Finance Documents USEFUL LINKS Session Laws Kansas Administrative Regulations OTHER LEGISLATIVE SITES Kansas Legislature Administrative Services Division of Post Audit Research Department Contact Us PDF Help www.ksrevisor.gov 2026