|Tennessee Identity Theft Deterrence Act of 1999|
|CITATION||Tenn. Code § 47-18-2107, 2010 S.B. 2793|
The law requires any information holder to disclose any breach of the security system following discovery or notification of the breach in the security of the data, to any resident of Tennessee whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
If more than one thousands persons must be notified, then the law provides for an alternate notice process.
|DATA COVERED||The law applies to the ‘breach of the security of the system’ that means “unauthorized acquisition of unencrypted computerized data that materially compromises the security, confidentiality or integrity of personal information maintained by the information holder.|
|INDUSTRY||Any info holder or info holder that maintains computerized data that includes personal information.|
|PENALTIES||A person can file a private right of action but must file a copy of the complaint and other initial pleadings to the Division of Consumer Affairs. The individual must also file a copy of any judgment or order within five days after its entry. Any customer of an information holder who is a person or business entity and who is injured by a violation may institute a civil action to recover damages and to enjoin the defendant from further actions in breach of the law.|