What is the Tennessee Information Protection Act (TIPA)?
The Tennessee Information Protection Act (TIPA), effective July 1, 2025, is a state-level data privacy law that regulates how companies manage and protect consumers’ personal data within Tennessee.
TIPA applies to businesses operating in Tennessee that meet specific criteria, such as annual revenues over $25 million and processing data for over 175,000 consumers or generating over 50% of revenue from selling data from at least 25,000 consumers.
The Act introduces consumer rights, including data access, correction, deletion, and options to opt out of targeted advertising and data sales, aligning Tennessee’s data privacy standards with those of other U.S. states.
What are the requirements for the TIPA?
To comply with TIPA, organizations must:
- Publish transparent privacy policies outlining data processing purposes and consumer rights.
- Offer ways for consumers to access, correct, delete, and port their data, along with opt-out options for data sales and targeted advertising.
- Ensure strong data security practices and manage consumer requests efficiently within specified timeframes.
- Conduct data protection assessments for specific high-risk processing activities, such as targeted advertising and profiling, ensuring these activities are well-justified and risk-balanced.
The Tennessee Attorney General oversees enforcement, with penalties up to $7,500 per violation for non-compliance. Controllers have a 60-day period to rectify any violations before fines apply, and willful violations can lead to enhanced penalties. Importantly, TIPA does not provide a private right of action.
Why should you be TIPA compliant?
Complying with TIPA helps businesses build trust with consumers by demonstrating a commitment to data privacy, potentially giving them a competitive advantage. TIPA compliance minimizes legal and financial risks by reducing exposure to fines and other penalties, which can be substantial for non-compliance. Furthermore, adhering to TIPA requirements helps organizations mitigate the risk of data breaches, enhancing their security posture and protecting sensitive information.
How to achieve compliance?
To achieve compliance, businesses should revise privacy policies, implement strong data protection practices, and establish clear procedures for handling consumer requests. Training employees on TIPA requirements and conducting regular audits will ensure ongoing compliance.
The Centraleyes platform offers a comprehensive assessment tool for TIPA, helping organizations track compliance, identify gaps, and access guidance on the regulation’s requirements. Contact us for more information.
Read more: