Created 4/14/2015
Revised 4/22/2025

In accordance with KRS 61.931-934, Bullitt County Public Library (BCPL) is committed to safeguarding any personal information from unauthorized access. BCPL will comply with best practices established by the Department for Local Government as outlined in Security and Incident Investigation Procedures and Practices for Local Governmental Units (per KRS 61.932) .

As required by the Department of Local Government, BCPL designates the Library Director as the Point of Contact responsible for:

1. Maintaining and overseeing compliance with the Library’s Information Security and Privacy Policy.
2. Ensuring employees and authorized personnel understand and adhere to policy.
3. Serving as the primary contact for inquiries regarding security, privacy, and any
   incidents.
4. Enforcing compliance with security protocols.
5. Managing incident response procedures.

Patron information

BCPL minimizes the retention of personally identifiable information (PII) to only what is necessary for daily operations. The Library:

• Retains patron information solely for circulation and account management purposes.
• Does not publicly share patron data.
• Shares patron data only with third-party vendors under contract for essential services and with law enforcement personnel upon valid legal request.
• Deletes patron records that have been inactive for a period of three (3) years, and do not have any outstanding fees or obligations, during the annual records maintenance process conducted in January.
• Stores personal information primarily in electronic formats with secure backups in restricted areas.

Staff information

BCPL retains only work-related staff information, including social security numbers, health data, and performance records, as required for human resource functions such as payroll, retirement, or benefits.

Staff records:

• Are subject to Kentucky’s records retention policies and will be disposed of accordingly.
• May be accessible under the Kentucky Open Records Act, except for information protected by law.
• Will not be shared externally except for their intended purpose (e.g., payroll processing). Are securely stored with restricted access.

Security Measures

BCPL upholds strict data security protocols, including:

• Not sharing personal data with external data with external parties except for its original purpose.
• Requiring third-party vendors to comply with KRS 61.932 security standards.
• Maintaining a closed internal network for patron data, inaccessible to the public.
• Using secure transmission protocols for external interactions (e.g., online catalogs).
• Protecting stored data with firewalls and antivirus systems.

Security Breaches and Notifications

In the event of a data breach:

• BCPL will immediately isolate compromised systems to prevent further exposure. Third-party vendors must notify the Library of any breach affecting Library data, as required by KRS 61.932.
• BCPL will investigate and determine the extent of the breach.
• Notifications will be issued to affected parties in compliance with KRS 61.932 and Department for Local Government guidance.

This policy ensures BCPL’s commitment to protecting information while complying with state laws. Any questions or concerns regarding the policy should be directed to the Library Director.