The State of Tennessee recently amended its data breach notification statute, Tenn. Code Ann. § 47-18-2107, which is set to go into effect on July 1, 2016. Numerous commentators have proclaimed that the amendment1 marks a watershed moment—that with the enactment of S.B. 2005, Tennessee becomes the first state to eliminate the encryption safe harbor from its data breach notification statute. However, this is not the case; Tennessee has not removed its primary encryption safe harbor. Even under the amended Tennessee law, data encryption remains an important method for securing data, and one that may reduce notice obligations if a breach occurs.
S.B. 2005 makes three changes to the breach notification statute that may impact whether Tennessee’s notification law applies to a particular data breach situation, and when organizations must send notices to affected individuals.
Continue Reading Tennessee Updates Data Breach Notification Law