Like nearly every other state, Tennessee has a data breach notification law that requires businesses to notify customers of a breach of their personally identifiable information. The Tennessee Identity Theft Deterrence Act has been in effect since 1999, and the breach notification provision was added in 2005.
Businesses who are unaware of their legal obligations under Tennessee law need to familiarize themselves with this law and prepare for compliance—fast. New revisions to the law — signed by the governor on March 24, 2016 — impose higher standards on businesses affected by data breaches occurring after July 1, 2016.
And, the differences between the current data breach notification law and the new law are significant.
Mr. Joy has a variety of experience in various general civil litigation matters including business and commercial litigation, insurance coverage disputes, healthcare liability defense, medical device liability defense, personal injury and business torts. He also represents media organizations and journalists in defamation actions and other matters. Mr. Joy has been involved in a number of jury trials to verdict. Mr. Joy also provides counsel to clients in the area of information privacy and cybersecurity including security incident investigation, security awareness and policy drafting, cyber risk management including insurance policy coverage consultation and breach response management. Specifically in the area of healthcare, Mr. Joy counsels covered entities on a variety of matters pertaining to HIPAA Privacy Rule, Security Rule, and Breach Notification Rule compliance.