This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
header image


Tennessee Information Protection Act (TIPA)

Passed May 11, 2023
Effective Date July 1, 2025
Who it applies to

Entities that (1) do business in Tennessee or provide products or services targeted to Tennessee consumers with revenue exceeding $25M; and (2) control or process data of 175,000+ consumers; or derive 50% revenue from selling data of 25,000+ consumers. Exempt entities include nonprofits, government agencies, higher education institutions, and financial institutions subject to the Gramm-Leach-Bliley Act (GLBA).

Penalties Up to $7,500 per violation, with the potential for triple damages for willful violations

What’s notable about it:

Tennessee has tried to make compliance easier for companies that are already proactive on privacy. If you’re “reasonably” compliant with the National Institute of Standards and Technology (NIST) Privacy Framework, you might have an “affirmative defense” against claims that you are violating the TIPA.

TIPA's carveout for pseudonymized information extends to the consumer right to opt-out of data sales, targeted advertising, and significant profiling decisions.

The Strict Spectrum

Less Strict