Tennessee Data Breach Notification

Tennessee HB 2170 of 2005 requires that any information holder shall disclose any breach of the security of the system, following discovery or notification of the breach in the security of the data, to any resident of Tennessee whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized

person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subsection (d), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver’s license numbers. The rules for this policy are:

• Tennessee Data Breach Notification: Name and SSN
• Tennessee Data Breach Notification: Name and DL
• Tennessee Data Breach Notification: Name and CCN
• Tennessee Data Breach Notification: Name and Password (Wide)
• Tennessee Data Breach Notification: (Default)
• Tennessee Data Breach Notification: (Narrow)
• Tennessee Data Breach Notification: Password Dissemination for HTTP Traffic (Wide)
• Tennessee Data Breach Notification: Password Dissemination for HTTP Traffic (Default)
• Tennessee Data Breach Notification: Password Dissemination for HTTP Traffic (Narrow)
• Tennessee Data Breach Notification: Account and Password