Tennessee Insurance Data Security Law to Take Effect July 1

May 24, 2021

A law passed by the Tennessee General Assembly in its latest session will give insurance consumers in the state new protections for their personal, medical and financial information, according to the Tennessee Department of Insurance.

The Insurance Data Security Law was signed by Tennessee Governor Bill Lee earlier this month takes effect July 1, 2021.

TDCI said the law modernizes, defines and toughens existing security measures that Tennessee insurance carriers must take to protect consumer information.

Under the new law, insurance carriers must:

  • Identify internal or external threats that could result in unauthorized access, transmission, disclosure, misuse or destruction of consumers’ private information.
  • Develop, implement and maintain an information security program based on its individual risk assessment with a designated employee in charge of the information security program.
  • Investigate any cybersecurity breach and notify the Insurance Commissioner of a cybersecurity event if the licensee is a domiciled insurer or if more than 250 Tennesseans are impacted.
  • Notify consumers if they have been affected by a cybersecurity event within 45 days of the determination of such event, unless a longer period of time is required due to law enforcement needs.

Each insurer domiciled in Tennessee must submit written certification to the state by April 15 of each year that it is in compliance with the law.

TDCI Commissioner Carter Lawrence, who supported the bill, said the legislation “represents an important step forward in helping Tennessee address cybersecurity threats in the insurance industry.”

Spearheaded by the National Association of Insurance Commissioners (NAIC), the creation of model legislation that formed the basis for Tennessee’s law was formulated with the input of national regulators after a succession of data breaches exposed millions of Americans’ personal information. The NAIC has made cybersecurity and consumer data protection top priorities.

The model legislation was the result of a two year collaborative process that resulted in a model law that could be adopted by various states.

“Tennessee’s adoption of the bill is critical for the Commissioner and the Department to have the tools they need to better protect Tennesseans’ sensitive consumer information,” said Assistant Commissioner for Insurance Bill Huddleston.

In an effort to raise greater awareness among consumers about cybersecurity, TDCI advised consumers to familiarize themselves with the NAIC’s Cybersecurity Consumer Protections.

Source: Tennessee Department of Commerce & Insurance

Topics Cyber Tennessee Data Driven

Was this article valuable?

Here are more articles you may enjoy.