Tennessee to Clarify Breach Notice Encryption Exemption

March 28, 2017 By Andrew M. Ballard
Bloomberg BNA: Privacy & Data Security

Tennessee lawmakers have cleared a bill ( S.B. 547) to clarify that companies facing a data breach aren’t required to give notice to affected individuals if the personal information involved is encrypted.

Tennessee’s 2005 breach notice law specifically provided an exception to providing notice if the breached data were encrypted. But in 2016, the law was amended to remove the specific exemption but still mentioned encryption as a means of protecting data. That change cast doubt for many on whether the breach notice encryption exception was still allowed under the Tennessee law.

The new amendment would reinstate the encryption language in the statute to remove any doubt that companies need not give breach notice of encrypted data, unless the encryption key was also breached.

To read the full article, click here.