New Data Breach Law Shortens Notification Time Frame

Like nearly every other state, Tennessee has a data breach notification law that requires businesses to notify customers of a breach of their personally identifiable information. The Tennessee Identity Theft Deterrence Act has been in effect since 1999, and the breach notification provision was added in 2005.

Businesses who are unaware of their legal obligations under Tennessee law need to familiarize themselves with this law and prepare for compliance—fast. New revisions to the law — signed by the governor on March 24, 2016 — impose higher standards on businesses affected by data breaches occurring after July 1, 2016.
And, the differences between the current data breach notification law and the new law are significant.

However, the new law provides that notification “shall be made immediately” but, in any instance, no later than 45 days from discovery of the breach.

While 45 days may seem like more than sufficient time to provide notification, a business caught flat-footed and unprepared to address a data breach may have a difficult time complying.

Another significant change is that encryption will no longer provide an unqualified “safe harbor” to breach notification.

Read the full article here.

Joy-9936Mr. Joy has earned the Certified Information Privacy Professional/United States (CIPP/US) credential through the International Association of Privacy Professionals (IAPP).

Share this: