Tennessee has enacted the National Association of Insurance Commissioner’s (“NAIC”) Insurance Data Security Law. The new Tennessee law is based on the model law that was finalized in October 2017, and requires Tennessee-licensed insurers to develop and implement written information…
Data Breach
On May 6, 2021, Tennessee Governor Bill Lee has signed the Insurance Data Security Law after its passage in the General Assembly. This new data security law creates obligations for insurance carriers in Tennessee, and was based on model legislation…
In February 2021, state legislators introduced an amendment to Tennessee’s data breach law to extend the notice from 45 to 60 days. Tennessee’s data breach law is contained within the Tennessee’ Identity Theft Deterrence Act (T.C.A. § 47-18-2107). You can…
The city of Knoxville, Tennessee recently fell victim to a ransomware attack which took many of the city’s government websites and computer servers offline, rendering many public services inaccessible for nearly a week. Forensic analysis revealed that the city was…
The Small Business Administration (SBA) Economic Injury Disaster Loan (EIDL) program suffered a data breach of nearly 8,000 small-business owners, disclosing many owner’s social security numbers. The federal government acted to provide relief to small businesses under the CARES Act…
UPDATE: On November 18, 2021, the FDIC issued a new final rule (“The Computer-Security Incident Notification Final Rule”) altering the obligations discussed below. Notably, all financial institutions subject to OCC, FDIC or Federal Reserve jurisdiction must now notify their primary…