Encrypted? So What, Says Tennessee

In a first for the country’s growing body of state breach notification laws, Tennessee has recently amended its law to require notification even if the information subject to a breach was encrypted, and regardless of whether the encryption key itself was compromised.

Until now, other states have taken the position that encryption offered a “safe harbor” of sorts, under the logic that encrypted data is generally unreadable without adequate time and computing power to break the encryption.

Governor Bill Haslam enacted S.B. 2005 on March 24, 2016, amending Tennessee’s data breach statute to:

  1. remove the encryption caveat,
  2. specify a deadline for disclosing the breach as 45 days following discovery of the breach (subject to certain exceptions), and
  3. expanding the definition of “unauthorized person” to include “an employee of the information holder who is discovered by the information holder to have obtained personal information and intentionally used it for an unlawful purpose.”

The amended data breach provisions become effective July 1, 2016.

The prevalence of cybersecurity breaches is causing many states to revisit their data breach notification statutes to protect their residents. Stay tuned for the first state to require breach notification as soon as someone thinks about breaching your data.

Related Content

Latest Content

Evolution of Fiduciary Rules Begins to Take Shape in SEC

On April 18, 2018, the SEC voted to propose several new rules and reforms related to fiduciary standards. The package intends to raise and clarify standards of conduct for broker-dealers and investment advisers, and to provide clarity regarding fees, conflicts and other material matters. It also aims to ensure that the standards can be understood … Continued

Insurance Considerations for Investment Advisers

How much coverage is enough? What types of insurance policies do you need? Whether you are starting an investment advisory practice, launching a new line of business, or reevaluating your existing risks, there are critical questions to ask to make sure you understand the various ways to protect your firm. Join us for a practical … Continued

Fifth Circuit Weighs In on DOL Fiduciary Rule

A panel of the U.S. Court of Appeals for the Fifth Circuit has vacated the Department of Labor’s Fiduciary Rule. In a 2-1 split, the Fifth Circuit’s decision overrules a Dallas District Court’s decision, which had previously upheld the rule. Unfortunately, the decision does little to settle the fate of the beleaguered rule. Although it … Continued

SEC Proposes Amending Investment Company Liquidity Disclosures in Forms N-PORT and N-1A

On March 14, 2018, the Securities and Exchange Commission (“SEC”) proposed amendments to the mutual fund liquidity-related disclosure requirements. Specifically, the proposal: Adds a new requirement to “briefly discuss the operation and effectiveness of the Fund’s liquidity risk management program during the most recently completed fiscal year” in the Fund’s Management Discussion of Fund Performance … Continued

Paradigm Shift in SEC Exams, Benefits of a Mock Exam

For investment advisers currently going through an SEC exam, the process likely bears little resemblance to exams of old. Call it the new normal, a paradigm shift, or simply the effects of the SEC having to do more with less, but anecdotal evidence among those now experiencing the exam process suggests some interesting new trends. … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.