Andrew M. Ballard reports:
Companies don’t need to notify Tennessee citizens of personal data breaches if the information was encrypted, under a new law that took effect April 4 and clarifies confusion created by a 2016 amendment.
The measure reinstates language in the state’s data breach notice law to remove any doubt that companies do not need to give notice of an encrypted data breach, unless the encryption key is also breached. It took effect with Gov. Bill Haslam’s (R) signature.
Read more on Bloomberg Law.
Is Double ROT13 acceptable?