TENNESSEE LEGISLATORS MUDDY WATERS AROUND PRIVACY BREACH NOTIFICATION REQUIREMENTS

The Tennessee legislature recently passed a modification to the state privacy breach notification requirements, 47-18-2107. The modification has been sent to the governor for signature. Unfortunately, the modification just confuses the law's requirements.

The existing code says that a breach notification is required if unauthorized acquisition of unencrypted computerized data takes place. The breach also has to materially compromise the security, confidentiality, or integrity of personal information. This seems clear to me.

The new code says that notification is required when acquisition of computerized data that materially compromises the security, confidentiality, or integrity of personal information takes place. The data does not have to be unencrypted.

However, subsections add an exception for encrypted data. If the data breached is encrypted, breach notification is not triggered. One encryption exception is for data encrypted in accordance with FIPS 140-2, a Federal Informa…

*** This is a Security Bloggers Network syndicated blog from Security Connections authored by Fred Scholl. Read the original post at: https://www.monarch-info.com/blog_direct_link.cfm?blog_id=64309&TENNESSEE-LEGISLATORS-MUDDY-WATERS-AROUND-PRIVACY-BREACH-NOTIFICATION-REQUIREMENTS