What’s the News?
Data breach notifications may be more common in Tennessee. Notably, the Governor recently signed into law a bill updating the current breach notification requirements by (a) requiring notice even where data is encrypted, (b) requiring notice within 45 days of discovery of the breach (barring a law enforcement hold), and (c) more clearly covering the actions of malicious employees. This change is notable because it requires notification even if the data is encrypted. It applies to organizations handling Tennessee residents’ data. The new law will take effect July 1, 2016. Given this amendment, all companies should consider any necessary updates to incident response plans.