ARTICLE
21 September 2016

Data Breach Notification Statute Amendments Take Effect In July And August

JD
Jones Day

Contributor

Jones Day is a global law firm with more than 2,500 lawyers across five continents. The Firm is distinguished by a singular tradition of client service; the mutual commitment to, and the seamless collaboration of, a true partnership; formidable legal talent across multiple disciplines and jurisdictions; and shared professional values that focus on client needs.
Data breach notification requirements in Arizona, Nebraska, and Tennessee took effect in July and August.
United States Privacy

Data breach notification requirements in Arizona, Nebraska, and Tennessee took effect in July and August.

On July 1, Tennessee S.B. 2005 took effect, which amends Tennessee's breach notification law to require notification of a breach even if the personal information involved in the breach was encrypted. The law was further amended to include employees of the information holder as "unauthorized persons" and requires disclosure of the breach no later than 45 days from the discovery or notification of the breach.

  • On July 20, Nebraska L.B. 835 took effect, which amends Nebraska's Consumer Notification of Data Security Breach Act. The bill amended the definition of "personal information" to include a user name or email address in combination with a password or security question and answer, requires notice to the Nebraska Attorney General, and lays out an exception to the exemption for encrypted data.
  • On August 6, Arizona H.B. 2363 took effect, which amends Arizona's data breach law to ensure it does not apply to business associates of covered entities as defined under regulations implementing HIPAA.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More