Tennessee Data Privacy Laws

General Identity Theft Laws

  • T. C. A. § 47-18-2101 Tennessee Identity Theft Deterrence Act of 1999, click here
  • T. C. A. § 47-18-2102 Definitions, click here
  • T. C. A. § 47-18-2103 Prohibited Practices, click here
  • T. C. A. § 47-18-2104 Private rights of Action, click here
  • T. C. A. § 47-18-2105 Civil Penalties and Remedies, click here
  • T. C. A. § 47-18-2106 Violation of Tennessee Consumer Protection Act, click here

Any Information Holder as defined by TN law

  • T. C. A. § 47-18-2107 Breaches of security systems; definitions; notice. NOTE: The definitions have been amended twice since this law was enacted in 2013.
    • Effective August 5, 2013 through June 30, 2016Click here
    • Effective July 1, 2016 through April 3, 2017:  The above version was amended by the 2016 TN Legislative Session. Click here for S.B. No. 2005 amendments to the above version. In sum, the 2016 Legislature deleted the word “unencrypted” from the definition of “Breach of the security of the system”, resulting in the following definition at (a)(1): “Breach of the security of the system” means unauthorized acquisition of unencrypted computerized data that materially compromises the security, confidentiality, or integrity of personal information maintained by the information holder. Good faith acquisition of personal information by an employee or agent of the information holder for the purposes of the information holder is not a breach of the security of the system; provided, that the personal information is not used or subject to further unauthorized disclosure.”  For Wyatt HITECH Law blog articles discussing the 2016 Legislature’s amendment, click here, here, and here.
    • Effective April 4, 2017 to present:  Click here.  The 2017 Legislature overhauled the definition at (a)(1), which now reads: “Breach of system security“: (A) Means the acquisition of the information set out in subdivision (a)(1)(A)(i) or (a)(1)(A)(ii) by an unauthorized person that materially compromises the security, confidentiality, or integrity of personal information maintained by the information holder: (i) Unencrypted computerized data; or (ii) Encrypted computerized data and the encryption key; and (B)Does not include the good faith acquisition of personal information by an employee or agent of the information holder for the purposes of the information holder if the personal information is not used or subject to further unauthorized disclosure.”
  • T. C. A. § 47-18-2108 Consumer report security freeze request, click here
  • T. C. A. § 47-18-2109 Notice of right to security freeze, click here
  • T. C. A. § 47-18-2110 Social security number protection; crime and punishment; exemptions; policy review, click here
  • T. C. A. § 47-18-2111 Protected consumer security freeze, click here

Public Agencies and Municipalities

  • T. C. A. § 47-18-2901 Security procedures; laptop computers or other removable storage devices, click here

Video Tape Sellers or Service Providers

  • T. C. A. § 47-18-2201 Video Consumer Privacy Act, click here
  • T. C. A. § 47-18-2202 Legislative findings, declaration, and intent, click here
  • T. C. A. § 47-18-2203 Definitions, click here
  • T. C. A. § 47-18-2204 Seller or service provider; disclosure of personally identifiable information concerning consumers, click here
  • T. C. A. § 47-18-2205 Damages; liability, click here

Licensees of the Insurance Division of the Department of Commerce and Insurance

  • Comp. R. & Regs. 0780-01-72-.04 Definitions, click here
  • Comp. R. & Regs. 0780-01-72-.11 Limits on disclosure of nonpublic personal information to nonaffiliated third parties, click here
  • Comp. R. & Regs. 0780-01-72-.12 Limits on redisclosure and reuse of nonpublic personal information, click here
  • Comp. R. & Regs. 0780-01-72-.13 Limits on sharing account number information for marketing purposes, click here