Kentucky Data Removal Guide (2026)
Kentucky's Consumer Data Protection Act took effect January 2026. KCDPA closely tracks Virginia's VCDPA template, providing Kentuckians with access, deletion, correction, and opt-out rights.
At a glance
- Comprehensive state privacy law
- Yes — KCDPA
- Broker response deadline
- 45 days from verifiable request
- Enforcement
- Kentucky Office of the Attorney General
- Residents
- 4.5M (approx.)
Kentucky Consumer Data Protection Act (KCDPA)
KCDPA applies to controllers processing data of 100,000+ Kentucky consumers or 25,000+ while selling data. Rights include delete, access, correct, port, and opt-out. Enforcement is exclusive to the AG with a 30-day cure period and civil penalties up to $7,500 per violation. No private right of action.
Your rights
- →Delete, access, correct, port, opt-out
- →AG enforcement only
Where your data leaks from in Kentucky
Data brokers don\u2019t guess your address \u2014 they scrape specific public-record sources. The ones most relevant in Kentucky:
- Kentucky CourtNet
- Jefferson, Fayette County property records
- Kentucky Transportation Cabinet driver records
Ready to remove
Opt out of 200+ brokers for $2
OfflistMe drafts a legally compliant deletion email citing KCDPA for every broker. You send from your own inbox. No account, no ID upload.
Start for $2 \u2192If a broker ignores your request
If a broker does not respond within 45 days, file a complaint with the Kentucky Office of the Attorney General. The enforcement authority can assess civil penalties and compel compliance.
File a complaint with Kentucky Office of the Attorney General \u2197FAQ: Kentucky data removal
When does Kentucky's cure period sunset?+
The 30-day cure period in KCDPA does not have a statutory sunset date unlike many peer laws. The AG may choose to enforce without cure in egregious cases but typically provides notice and opportunity first.