FINES & PENALTIES

Violations
Civil action to recover damages

BREACH NOTIFICATION

Mandated Timeframe
Within 45 days

QUICK FACTS

Tennessee Privacy Law Information

BREACH REPORTING

If notification is required to more than 1,000 persons, it must be reported, without unreasonable delay, to all consumer reporting agencies and credit bureaus that compile and maintain files on consumers on a nationwide basis.

CONSUMER NOTIFICATION

If any state residents are affected by a breach of security, the breached Organization must give notice to the affected individuals within 45 days of discovery of the breach. If a breach affects residents of other jurisdictions, those individuals must be notified abased on the breach notification laws of the jurisdiction where they reside.

FINES & PENALTIES

Violations of Tennessee’s data disposal law may be punishable by a civil penalty in the amount of $500, up to $10,000, for each record containing a customer’s personal identifying information that is wrongfully disposed of or discarded. Any consumer injured due to an Organization’s violation of the breach notification requirements can bring a civil action to recover damages and prevent further violations.

INDUSTRY SPECIFIC LAWS

Tennessee passed the Insurance Data Security Law, which includes requirements of insurance licensees to protect personal information and investigate and respond to data breaches. Effective, July 1, 2021, licensees must comply with the breach notification requirements, including Commissioner notification within 3 business days. Separate state laws exist relating to student data and health records.

PRIVACY PROGRAM

Organizations must have measures in place for the secure disposal of personal information in their possession.

VENDOR/3RD PARTIES

Vendors must notify Organizations no later than 45 days after discovery of a breach of a suspected breach. The Organizations will be responsible to complete any required regulatory reporting and consumer notification.

CONTACT

TTAPrivacy.club