Tennessee requires notification even if encrypted

April 10, 2016

   Earlier this year, Tennessee revised its data breach law, Tennessee Code 41-18-2107.  Under the old law, an entity need only disclose a data breach where the unencrypted "personal information" of a Tennessee resident was or is reasonably believed to have been acquired by an unauthorized person. Tennessee Code 41-18-2107(b).  The revised law removes the encryption safe harbor.  Now, an entity must disclose any data breach where the "personal information" of a Tennessee resident was or is reasonably believed to have been acquired by an unauthorized person -- regardless of encryption status.  TN S.B. 2005.

   Thus, an entity must be mindful that encrypting personal information may not excuse it from complying with state data breach laws.
 

Please reload

Featured Posts

Brexit and EU trademarks

January 27, 2020

1/2
Please reload

Recent Posts
Please reload

Archive