• Henry Park

Tennessee requires notification even if encrypted


Earlier this year, Tennessee revised its data breach law, Tennessee Code 41-18-2107. Under the old law, an entity need only disclose a data breach where the unencrypted "personal information" of a Tennessee resident was or is reasonably believed to have been acquired by an unauthorized person. Tennessee Code 41-18-2107(b). The revised law removes the encryption safe harbor. Now, an entity must disclose any data breach where the "personal information" of a Tennessee resident was or is reasonably believed to have been acquired by an unauthorized person -- regardless of encryption status. TN S.B. 2005. Thus, an entity must be mindful that encrypting personal information may not excuse it from complying with state data breach laws.

#security

Attorney Advertising

Henry Park Law

© Law Office of Henry Park, PC. All Rights Reserved.