Home / Featured / Follow-up: More reaction as AC deals with data breach

Follow-up: More reaction as AC deals with data breach

Following up on the apparent hacking of the Anderson County Courthouse’s main computer server, we have now heard from more county officials.

As we reported Tuesday, Law Director Jay Yeager issued a statement to all county employees informing them of a potential security breach of the courthouse’s main computer server. The memo was sent to all elected officials, school system employees, School Board members, Veterans Service members and county contractors and stated, in part that “the extent, type and amount of data compromised has not yet been fully determined; however, this may include your confidential personal identifying data.”

The breach was discovered late last week and reported to county officials and law enforcement and was discussed Monday evening by the County Finance Committee.

County Commission Chairman Steve Emert indicated in a message sent to officials and provided to WYSH that he would like answers from County Mayor Terry Frank as to what happened and how, and answers from Yeager as to how to proceed going forward. You can read his statement on our website as well.

Frank says that there are “multiple departments with multiple service contracts and vendors,” and that she is not in charge of all of the county’s computers, as some people have stated.

Mayor Frank, in an email responding to requests for comment, says that since learning of the breach she has been in contact with state officials and that she, too, is trying to “discern the nature or cause of the breach, if the contractor that serviced the county was the problem…so that employees [and] departments could be made aware,” but indicated she does not yet have that information. Frank also says that she has asked law enforcement officials for similar information “in order to prevent the further compromising of data, storage and confidentiality of Anderson County records.” She added that she has not yet received that information, either.

During Monday’s Finance Committee meeting, Yeager told committee members that “there is not doubt there is nothing this county could have done, as far as I know, that could have foreseen this.”

Frank says that she is taking the breach “extremely seriously and [hates] the anxiety it causes each and every one of us who might be affected.”

The information was released on Tuesday as county officials complied with an amended state law dealing with data breaches that requires notification to anyone whose personal information—encrypted or not–may have been compromised by a hacking incident.

(From http://www.workplaceprivacyreport.com/) On March 24, 2016, Tennessee’s breach notification statute was amended when Governor Bill Haslam signed into law S.B. 2005.

Under the amendment, notification of a data breach must now be provided to any affected Tennessee resident within 45-days after discovery of the breach (absent a delay request from law enforcement).  Previously, and like the vast majority of states, Tennessee’s statute required disclosure of a breach to be made in the most expedient time possible and without unreasonable delay.  Florida, like the Volunteer State, previously amended its breach notification statute to also require notification within a set time period.

Perhaps even more important than the specific timing requirement for notice, S.B. 2005 also amends Tennessee’s statute to remove the provision in the existing statute requiring notice only in the event of a breach of unencrypted personal information.  Accordingly, by expanding this provision, it appears Tennessee will be the first state in the country to require breach notification regardless of whether or not the information subject to the breach was encrypted.

Lastly, the bill also amends the statute to specify an “unauthorized person” includes an employee of the information holder who is discovered to have obtained personal information and intentionally used it for an unlawful purpose.  This amendment is likely focused on entities which failed to provide notification of data incidents which were the result of improper access by employees.

Here is a link to the amended law itself: http://share.tn.gov/sos/acts/109/pub/pc0692.pdf


About Jim Harris

Jim Harris has been WYSH’s News & Sports Director since 2000.
In addition to reporting local news, he is the play-by-play voice for Clinton High School football, boys’ and girls’ basketball and baseball.
Catch Jim live weekdays beginning at 6:20 am for live local news, sports, weather and traffic plus the Community Bulletin Board, shenanigans with Ron Meredith and more on the Country Club Morning Show on WYSH & WQLA.
Jim lives in Clinton with his wife Kelly and daughter Carolina, his mother-in-law and cats Lucius and Oliver.

Check Also

TBI report says firearms-related crimes on the rise

The Tennessee Bureau of Investigation released a report Thursday detailing the nature and volume of …

4 comments

  1. concerned citizen

    This is another opportunity for the “armchair quarterback” commission to take shots at the mayor. They vote to fund the vendors for the data systems. Maybe they should stop and look at what is happening instead of taking an opportunity to go after the mayor. This compromise of the data system, address the problem with the system. As usual, if everything is good it is the commission taking credit if not, the mayor is blamed.

  2. Jeannie Williams

    I guess if you wanted you could blame the Mayor but unless she handles the day to day tasks of securing the computer system (which she doesn’t) then the responsibility lies with the IT department. Commissioners would be ethically responsible if they did not properly vet the company or individual before giving them access to private information.

Leave a Reply

Your email address will not be published. Required fields are marked *