Cyber Security

Tennessee insurance consumers will gain new protections for their personal, medical and financial information with the recent passage by the Tennessee General Assembly of the Insurance Data Security Law. Signed by Tennessee Governor Bill Lee, the law takes effect July 1, 2021.

  • The law modernizes, defines and toughens existing security measures that Tennessee insurance carriers must take to protect consumer information. Under the new law, insurance carriers must:
  • Identify internal or external threats that could result in unauthorized access, transmission, disclosure, misuse or destruction of consumers’ private information.
  • Develop, implement and maintain an information security program based on its individual risk assessment with a designated employee in charge of the information security program.
  • Investigate any cybersecurity breach and notify the Insurance Commissioner of a cybersecurity event if the licensee is a domiciled insurer or if more than 250 Tennesseans are impacted.