Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

Tennessee
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
Within 45 days

FINES & PENALTIES – Violations
Civil action to recover damages

Legal

Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

Tennessee Privacy Law Information

PRIVACY PROGRAM

Organizations must have measures in place for the secure disposal of personal information in their possession.

BREACH REPORTING

If notification is required to more than 1,000 persons, it must be reported, without unreasonable delay, to all consumer reporting agencies and credit bureaus that compile and maintain files on consumers on a nationwide basis.

CONSUMER NOTIFICATION

If any state residents are affected by a breach of security, the breached Organization must give notice to the affected individuals within 45 days of discovery of the breach. If a breach affects residents of other jurisdictions, those individuals must be notified abased on the breach notification laws of the jurisdiction where they reside.

VENDOR/THIRD PARTIES

Vendors must notify Organizations no later than 45 days after discovery of a breach of a suspected breach. The Organizations will be responsible to complete any required regulatory reporting and consumer notification.

INDUSTRY SPECIFIC LAWS

Tennessee passed the Insurance Data Security Law, which includes requirements of insurance licensees to protect personal information and investigate and respond to data breaches. Effective, July 1, 2021, licensees must comply with the breach notification requirements, including Commissioner notification within 3 business days. Separate state laws exist relating to student data and health records.

FINES & PENALTIES

Violations of Tennessee’s data disposal law may be punishable by a civil penalty in the amount of $500, up to $10,000, for each record containing a customer’s personal identifying information that is wrongfully disposed of or discarded. Any consumer injured due to an Organization’s violation of the breach notification requirements can bring a civil action to recover damages and prevent further violations.

Tennessee Statutes and Laws

TENN. CODE § 39-14-150(G)

Identity theft victims’ rights

TENN. CODE § 47-18-2107

Release of personal consumer information

TENN. CODE § 47-18-2110

Protecting social security numbers from disclosure

TENN. CODE §§ 49-1-701 – 49-1-708

Education/Data Accessibility, Transparency and Accountability Act

TENN. CODE § 49-6-805

EDUCATION/RELATIVE TO CYBERSECURITY – TEMPLATE MINIMUM REQUIREMENTS

TENN. CODE §§ 56-2-1001 – 56-2-1011

Insurance Data Security Act

TENN. CODE §§ 68-11-301 – 68-11-312

Short title

DISCLAIMER

The information provided is not legal guidance or recommendations and are for informational purposes only.