Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I avoid having a data breach response plan in Tennessee? What are the requirements?

Data Breach Response Plan Requirements in Tennessee

In Tennessee, businesses that own or license computerized personal information of residents of the state are required to have a data breach response plan in place [1.2]. The plan should include procedures for notifying affected individuals in the event of a breach of system security [1.2].

Notification Requirements

Following discovery or notification of a breach of system security by an information holder, the information holder shall disclose the breach of system security to any resident of Tennessee whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure must be made no later than forty-five (45) days from the discovery or notification of the breach of system security, unless a longer period of time is required due to the legitimate needs of law enforcement [1.2].

Penalties

Violation of the data breach notification requirements constitutes a violation of the Tennessee Consumer Protection Act and is subject to penalties and remedies as provided in that act, in addition to the penalties and remedies set forth in the data breach notification law [1.1][1.2].

Conclusion

It is not possible to avoid having a data breach response plan in Tennessee if you own or license computerized personal information of residents of the state. Failure to comply with the notification requirements can result in penalties and legal action.

However, it is important to note that there may be additional requirements for specific industries or types of data. For example, the Tennessee Uniform Reporting System for the All Payer Claims Database requires specific requirements for health care claims data submission [2.1]. Additionally, Tennessee consumers have the right to obtain a security freeze on their credit report [1.3].

If you have further questions or concerns about data breach response plan requirements in Tennessee, it is recommended that you consult with a legal professional.

Source(s):
Jurisdiction

Tennessee