A federal district court recently found that employees aren’t protected by Kentucky’s consumer protection law because they don’t qualify as consumers, handing a solid win to employers. The April 21 decision in Viviali v. One Point HR Solutions, LLC saw the court dismiss a Kentucky Consumer Protection Act (KCPA) claim brought by a former employee whose personal data was stolen by cybercriminals. However, the court permitted KCPA claims brought by customers who also had their data stolen to proceed – in part because of the company’s delay in informing customers about the breach – as well as all other legal claims brought by the customers and the employee alike. This ongoing court battle demonstrates why companies not only need to continuously monitor their technology systems for any breaches, but promptly inform their consumers – and employees – if a breach does occur. What do you need to know about this case and what five steps should you take to best position your organization?

What Triggers a Violation of the KCPA and Who Enforces It?

The KCPA was enacted to provide consumers broad protections from illegal acts.

• It protects Kentucky’s citizens from “unfair, false, misleading, or deceptive acts or practices in trade or commerce.”
• KCPA applies to “any person who purchases or leases goods or services primarily for personal, family or household purposes and thereby suffers any ascertainable loss of money or property, real or personal, as a result of the use or employment...

Read Full Story: https://news.google.com/rss/articles/CBMigAFBVV95cUxOaVQ5STRueWU5UFFEbXU4Q1pK...