Tennessee Amends Its Cybersecurity Law


As one of the forty-seven states with cybersecurity breach notification laws, the Tennessee legislature just amended its previously existing law. Since California in 2002, states have undertaken the act of imposing security breach notification obligations on entities that own and possess personal information. With the enactment of a more encompassing and definitive breach notification protocol, Tennessee has taken a small step forward in prioritizing data security. THE CURRENT LAW Codified at T.C.A. § 47-18-2107 under the Tennessee Identity Theft Deterrence Act of 1999 and entitled, “Release of Personal Information,” Tennessee follows a statutory framework common to states around the country. The statute begins by defining personal information, breach of security, and information holder. “Personal information” is unencrypted information concerning a person’s individual’s first name or first initial and last name, in combination with any one or more of the following: (i) social security number; (ii) driver’s license number; (iii) account number, credit or debit card number, combined with any security, access, or […]

Continue Reading