Tennessee
Tennessee Information Protection Act (TIPA)
Passed | May 11, 2023 |
Effective Date | July 1, 2025 |
Who it applies to |
Entities that (1) do business in Tennessee or provide products or services targeted to Tennessee consumers with revenue exceeding $25M; and (2) control or process data of 175,000+ consumers; or derive 50% revenue from selling data of 25,000+ consumers. Exempt entities include nonprofits, government agencies, higher education institutions, and financial institutions subject to the Gramm-Leach-Bliley Act (GLBA). |
Penalties | Up to $7,500 per violation, with the potential for triple damages for willful violations |
What’s notable about it:
Tennessee has tried to make compliance easier for companies that are already proactive on privacy. If you’re “reasonably” compliant with the National Institute of Standards and Technology (NIST) Privacy Framework, you might have an “affirmative defense” against claims that you are violating the TIPA.
TIPA's carveout for pseudonymized information extends to the consumer right to opt-out of data sales, targeted advertising, and significant profiling decisions.