On March 15, Kentucky passed HB 473, which revises the Kentucky Consumer Data Protection Act to include new data exemptions and technical enhancements in advance of its Jan. 1, 2026, effective date.
Kentucky passed HB 473 on March 15, 2025, revising the Kentucky Consumer Data Protection Act (KCDPA) ahead of its effective date of Jan. 1, 2026. The new revisions include two categories of data that are exempted under the Act. These exemptions cover health data collected by HIPAA-covered providers and data within limited data sets as per HIPAA regulations. The bill also modifies the data protection impact assessment process to address profiling practices most likely to have discriminatory effects on consumers. The modifications aim to make data protection requirements easier to comply with while maintaining federal health privacy standards alignment.
The Kentucky Consumer Data Protection Act was enacted initially to strengthen consumer privacy protections in the state. The recent amendments are an ongoing attempt to clarify and improve provisions as the effective date of the legislation approaches. HB 473 reaffirms Kentucky's commitment to aligning state data protection standards with federal standards, particularly in the healthcare sector, where data privacy concerns are increasingly prevalent.
Representative Josh Branscomb introduced House Bill 473 as a “minor cleanup” bill related to last year's bipartisan consumer data privacy legislation. He emphasized the significance of the previous bill, noting that it has served as a model for other states.
The revisions show Kentucky's proactive approach to addressing privacy concerns. By aligning state code with federal health data standards, the revisions will simplify compliance and enable businesses to more effectively manage risk while preserving consumer privacy protections.
Kentucky's HB 473 makes substantial changes to its Consumer Data Protection Act, finding a balance between requirements for consumer privacy and reasonable compliance for businesses. The amendments target health data protection, privacy, and profiling protections to maintain the Act up-to-date with new technology and changing regulatory demands.
The amendments were made to clarify provisions and align the Kentucky Consumer Data Protection Act with federal standards, particularly regarding health data and profiling practices.
The revisions aim to simplify compliance for businesses by ensuring that state requirements align with federal health privacy standards, particularly for data handling in the healthcare sector.
These amendments ensure that Kentucky’s data privacy laws are consistent with federal health data protection standards, which will help protect consumer privacy while simplifying compliance for healthcare providers.
The main goals of the revisions are to simplify compliance for businesses, enhance consumer privacy protections, and ensure alignment with federal standards, particularly in the healthcare sector.