Tennessee State Security Breach Laws 

Effective Date: July 1, 2005

Definition of Personal Information: An individual's first name or first initial and last name in combination with any one (1) or more of the following data elements, when either the name or the data elements are not encrypted:

(a) Social security number;
(b) Driver’s license number; or
(c) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

Summary: Any information holder shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of Tennessee whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
 
Visit the state Web site