Bass, Berry & Sims attorney Tony McFarland provided insight for a Nashville Post article about the amendments passed by the Tennessee General Assembly related to cyber breach notification. The amendment requires companies to alert customers within 45 days of a data breach; however, under the amendment companies are not required to notify customers of a breach of redacted personal data. "One thing still missing is [the prior] exemption from notifying affected users of breaches that are still under [internal] investigation," said Tony.
The full article, "State Amends Cyber Breach Notification Rules," was published by the Nashville Post on May 30, 2017, and is available online.
To read additional analysis about the Tennessee data breach amendment, read the client alert, "Governor Signs Amendment to Tennessee Data Breach Notification Law," written by members of our Privacy & Data Security team.