Magazine article Information Management

Tennessee Enacts Tough Data Breach Law

Article excerpt

This month, Tennessee becomes the first state to abolish the "encryption safe harbor" rule, giving it the honor of having the strictest data breach law in the United States, according to data privacy experts.

Encryption safe harbor requires companies that suffer a data breach to notify customers only if the exposed data was unencrypted. Tennessee's amended Identity Theft Deterrence Act of 1999, which became effective July 1, requires notification even if the breached data was encrypted, according to a Corporate Counsel report. The rule requires that affected individuals be notified of a data breach within 45 days unless law enforcement needs more time to investigate. Only a few states have established a set notification time period.

Lastly, the bill amends the statute to specify that an "unauthorized person" includes an employee of the information holder who is discovered to have obtained personal information and intentionally used it for an unlawful purpose. …
