Current through Acts 2023-2024, ch. 1069
Section 4-1-423 - Cybersecurity - State payment of ransom prohibited - Incident reporting protocol

(a) A state entity shall not submit payment with an entity that has engaged in a cybersecurity incident on an information technology system by encrypting data and then subsequently offering to decrypt that data in exchange for a ransom payment.

(b) A state entity experiencing a ransom request in connection with a cybersecurity incident shall immediately notify and consult with the technology and innovation division of the Tennessee bureau of investigation.

(c) As used in this section, "state entity":

    (1) Means an agency, department, institution, board, commission, committee, division, bureau, officer, official, or other entity of the executive, judicial, or legislative branches of state government, including a public institution of higher education and all other entities for which this state has oversight responsibility; and

    (2) Does not mean a vendor, contractor, insurance company, law firm, or other third party that has a contract, or does other business, with a state entity.

Added by 2024 Tenn. Acts, ch. 534, § 1, eff. 3/7/2024.