TENNESSEE, USA — Tennessee insurance consumers will gain new protections for their personal, medical, and financial information with the recent passage by the Tennessee General Assembly of the Insurance Data Security Law.
“I want to thank Governor Bill Lee and the members of the General Assembly for the swift passage of this important legislation which represents an important step forward in helping Tennessee address cybersecurity threats in the insurance industry,” said TDCI Commissioner Carter Lawrence.
New protections include:
- Identify internal or external threats that could result in unauthorized access, transmission, disclosure, misuse, or destruction of consumers’ private information.
- Develop, implement and maintain an information security program based on its individual risk assessment with a designated employee in charge of the information security program.
- Investigate any cybersecurity breach and notify the Insurance Commissioner of a cybersecurity event if the licensee is a domiciled insurer or if more than 250 Tennesseans are impacted.
Spearheaded by the National Association of Insurance Commissioners (NAIC), the creation of model legislation that formed the basis for Tennessee’s law was created with the input of national regulators after a succession of data breaches exposed millions of Americans’ personal information.
The NAIC made cybersecurity and consumer data protection top priorities. The model legislation was the result of a two-year collaborative process that resulted in a model law that could be adopted by various states.
"Tennessee’s adoption of the bill is critical for the Commissioner and the Department to have the tools they need to better protect Tennesseans’ sensitive consumer information,” said Assistant Commissioner for Insurance Bill Huddleston.
In an effort to raise greater awareness among consumers about cybersecurity, TDCI reminds consumers to familiarize themselves with the NAIC’s Cybersecurity Consumer Protections.