Top
Top

Global Data Privacy Guide

USA, Tennessee

(United States) Firm Bass, Berry & Sims PLC

Contributors

Updated 01 Mar 2022
What is the key legislation?

Tennessee’s Identity Theft Deterrence Act (Tenn. Code Ann. §§ 47-18-2101 to 47-18-2111) (“Act”) governs the obligations of an Information Holder (as defined below) to disclose any Breach of System Security following discovery or notification of the breach by an Unauthorized Person.

What data is protected?

The Act protects Personal Information.

Who is subject to privacy obligations?

“Information Holder” means any person or business that conducts business in the State of Tennessee, or any agency of the State of Tennessee or any of its political subdivisions, that owns or licenses computerized data that includes Personal Information of residents of Tennessee. Tenn. Code Ann. § 47-18-2107(a)(3).

What are the principles applicable to personal data processing?

N/A

How is the processing of personal data regulated?

A Tennessee consumer may place a security freeze on the consumer report of such consumer by making a request in writing by certified mail or by an electronic means provided by the credit reporting agency. § 47-18-2108(a).

How are storage, security and retention of personal data regulated?

N/A

What are the data subjects' rights?

N/A

Are there restrictions on cross-border data transfers?

N/A

Are there any notification requirements for data breaches?

Information Holders are required under the Act to notify affected individuals following any Breach of the System Security, subject to certain exceptions.

Who is the privacy regulator?

The Attorney General of the State of Tennessee (the “Attorney General”) may bring an action in the name of the State of Tennessee.

What are the consequences of a privacy breach?

The Attorney General may enforce and seek civil penalties for violations of the Act.

The Attorney General may also seek a temporary restraining order, a temporary injunction, or permanent injunction against the use of an act or practice that the Attorney General believes violates the Act. Tenn. Code Ann. § 47-18-2105(a)(1).

An individual or business entity affected by a Breach of the System Security may initiate a private right of action for a violation of the Act. Tenn. Code Ann. § 47-18-2104.

How is electronic marketing regulated?

N/A

Are there any recent developments or expected reforms?

N/A

Global Data Privacy Guide

USA, Tennessee

(United States) Firm Bass, Berry & Sims PLC

Contributors

Updated 01 Mar 2022