Global Data Privacy Guide |
|
USA, Tennessee |
|
|
(United States)
Firm
Bass, Berry & Sims PLC
Contributors Updated 01 Mar 2022 |
|
| What is the key legislation? | Tennessee’s Identity Theft Deterrence Act (Tenn. Code Ann. §§ 47-18-2101 to 47-18-2111) (“Act”) governs the obligations of an Information Holder (as defined below) to disclose any Breach of System Security following discovery or notification of the breach by an Unauthorized Person. |
| What data is protected? | The Act protects Personal Information. |
| Who is subject to privacy obligations? | “Information Holder” means any person or business that conducts business in the State of Tennessee, or any agency of the State of Tennessee or any of its political subdivisions, that owns or licenses computerized data that includes Personal Information of residents of Tennessee. Tenn. Code Ann. § 47-18-2107(a)(3). |
| What are the principles applicable to personal data processing? | N/A |
| How is the processing of personal data regulated? | A Tennessee consumer may place a security freeze on the consumer report of such consumer by making a request in writing by certified mail or by an electronic means provided by the credit reporting agency. § 47-18-2108(a). |
| How are storage, security and retention of personal data regulated? | N/A |
| What are the data subjects' rights? | N/A |
| Are there restrictions on cross-border data transfers? | N/A |
| Are there any notification requirements for data breaches? | Information Holders are required under the Act to notify affected individuals following any Breach of the System Security, subject to certain exceptions. |
| Who is the privacy regulator? | The Attorney General of the State of Tennessee (the “Attorney General”) may bring an action in the name of the State of Tennessee. |
| What are the consequences of a privacy breach? | The Attorney General may enforce and seek civil penalties for violations of the Act. The Attorney General may also seek a temporary restraining order, a temporary injunction, or permanent injunction against the use of an act or practice that the Attorney General believes violates the Act. Tenn. Code Ann. § 47-18-2105(a)(1). An individual or business entity affected by a Breach of the System Security may initiate a private right of action for a violation of the Act. Tenn. Code Ann. § 47-18-2104. |
| How is electronic marketing regulated? | N/A |
| Are there any recent developments or expected reforms? | N/A |
Global Data Privacy Guide
Tennessee’s Identity Theft Deterrence Act (Tenn. Code Ann. §§ 47-18-2101 to 47-18-2111) (“Act”) governs the obligations of an Information Holder (as defined below) to disclose any Breach of System Security following discovery or notification of the breach by an Unauthorized Person.
The Act protects Personal Information.
“Information Holder” means any person or business that conducts business in the State of Tennessee, or any agency of the State of Tennessee or any of its political subdivisions, that owns or licenses computerized data that includes Personal Information of residents of Tennessee. Tenn. Code Ann. § 47-18-2107(a)(3).
N/A
A Tennessee consumer may place a security freeze on the consumer report of such consumer by making a request in writing by certified mail or by an electronic means provided by the credit reporting agency. § 47-18-2108(a).
N/A
N/A
N/A
Information Holders are required under the Act to notify affected individuals following any Breach of the System Security, subject to certain exceptions.
The Attorney General of the State of Tennessee (the “Attorney General”) may bring an action in the name of the State of Tennessee.
The Attorney General may enforce and seek civil penalties for violations of the Act.
The Attorney General may also seek a temporary restraining order, a temporary injunction, or permanent injunction against the use of an act or practice that the Attorney General believes violates the Act. Tenn. Code Ann. § 47-18-2105(a)(1).
An individual or business entity affected by a Breach of the System Security may initiate a private right of action for a violation of the Act. Tenn. Code Ann. § 47-18-2104.
N/A
N/A