Current through Acts 2023-2024, ch. 1069
Section 47-18-2110 - Protecting social security numbers from disclosure(a) On and after January 1, 2008, any person, nonprofit or for profit business entity in this state, including, but not limited to, any sole proprietorship, partnership, limited liability company, or corporation, engaged in any business, including, but not limited to, health care, that has obtained a federal social security number for a legitimate business or governmental purpose shall make reasonable efforts to protect that social security number from disclosure to the public. Social security numbers shall not:(1) Be posted or displayed in public;(2) Be required to be transmitted over the Internet, unless the Internet connection used is secure or the social security number is encrypted;(3) Be required to log onto or access an Internet web site, unless used in combination with a password or other authentication device;(4) Be printed on any materials mailed to a consumer, unless the disclosure is required by law, or the document is a form or application; or(5) Be printed on any check, card, identification, or badge that the consumer must display or present in order to receive a benefit, good, service or other thing of value to which the consumer is entitled based upon the consumer's contract or other agreement with the entity issuing the check, card, identification, or badge.(b) The requirements established pursuant to subsection (a) shall not apply:(1) To the disclosure of a federal social security number by an entity so long as the disclosure is for a legitimate business or governmental purpose and occurs pursuant to the terms of a business or governmental contract or other lawful legal obligation; or(2) If the: (A) Person gives permission, in writing;(B) Disclosure is authorized or required under state or federal law; or(C) Disclosure is made: (i) To a consumer reporting agency as defined by the federal Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.);(ii) To a financial institution subject to the privacy provisions of the federal Gramm-Leach-Bliley Act (15 U.S.C. § 6802); or(iii) To a financial institution subject to the International Money Laundering Abatement and Financial Anti-Terrorism Act of 2001 (31 U.S.C. § 5311 et seq.).(c) On and after January 1, 2009, a violation of subsection (a) is a Class B misdemeanor. Each violation of subsection (a) shall constitute a separate offense.(d) In addition to the criminal offense created pursuant to subsections (a) and (b), on and after January 1, 2009, it is also a civil violation of this part, subject to the penalty provided in this part, for any person, any nonprofit or for profit business entity in this state, including, but not limited to, any sole proprietorship, partnership, limited liability company, or corporation, engaged in any business, including, but not limited to, health care, to violate any of the prohibitions of subsection (a).(e) Any state agency or nonprofit or for profit business entity engaged in the provision of health care services under Title XIX, including determining eligibility for Title XIX services, shall be exempted from the requirements of subsections (a) and (b).Amended by 2015 Tenn. Acts, ch. 127, s 2, eff. 7/1/2015.Amended by 2015 Tenn. Acts, ch. 127, s 1, eff. 7/1/2015. Acts 2007 , ch. 170, § 6; 2009 , ch. 269, § 1.