On March 24, Tennessee enacted a law amending its breach notification law, originally enacted in 2005. The new amendment requires businesses and government agencies to notify citizens affected by data breaches within 45 days of discovering the breach. Exceptions to the 45-day time limit will be allowed only when required for law enforcement purposes. The amendment also specifies that unauthorized access of information by employees of the business or agency that holds the information triggers the 45-day notification requirement.
04 April 2016