Last week, New Mexico and Tennessee both passed legislation updating each state’s requirements for notifying residents following a data breach. New Mexico’s new law, H.B. 15, makes it the 48th U.S. state to enact a state data breach notification law, leaving Alabama and South Dakota as the only states that have not enacted similar laws. Tennessee’s bill, S.B. 547, amended its Identity Theft Deterrence Act of 1999 to exempt certain encrypted data from triggering notification requirements.
Continue Reading New Mexico Becomes 48th State with Data Breach Notification Law; Tennessee Restores Exemption for Encrypted Data
Tennessee
Tennessee Amends Breach Notification Law to Cover Breaches of Encrypted Information
By Caleb Skeath on
Posted in Data Breaches
Last week, Tennessee Governor Bill Haslam (R) signed S.B. 2005 into law, amending Tennessee’s breach notification law to broaden the scope of information covered and require quicker notifications of the state’s residents. Most notably, when the amendments enter into force on July 1, 2016, Tennessee will become the only U.S. state that could require notification of affected individuals following breaches of encrypted information. The amendments will also require businesses to notify Tennessee residents within 45 days after the business discovers the breach.
Continue Reading Tennessee Amends Breach Notification Law to Cover Breaches of Encrypted Information