On April 10, 2014, Kentucky Governor Steve Beshear signed H.B.232 into law, making Kentucky the 47th state to enact data breach notification legislation. Prior to H.B. 232, Kentucky was one of only four states—including Alabama, New Mexico, and South Dakota—that had not adopted data breach notification legislation. H.B. 232 also includes a separate section addressing the protection and processing of student data by cloud computing service providers.