Municipalities that hold personal information in a computer system that is not lawfully available to the public must give notice of any breach of the system if personal information was, or is reasonably believed to have been, obtained by any unauthorized person. The disclosure must be made to the person or persons whose information was or might have been obtained. The law outlines the circumstances under which the notice must be made and the methods for giving the notice. T.C.A. § 47-18-2107.
All municipalities must create safeguards and procedures for ensuring that confidential information regarding citizens is securely protected on all laptop computers and other removable storage devices used by municipalities. Failure to comply creates a cause of action or claim for damages against the municipality if a citizen of the state proves by clear and convincing evidence that the citizen was a victim of identity theft due to a failure to provide safeguards and procedures regarding that citizen’s confidential information. T.C.A. § 47-18-2901.
Identity Theft Precautions
The federal Fair and Accurate Credit Transactions Act of 2003 (FACTA), Public Law 108-159, requires utilities and other municipal departments that defer payments for services to take precautions to protect personal identifying information in their records. The municipality must have a policy that protects personally identifying financial and medical information and provide training on the policy.