Tennessee

Summary

Law: The Tennessee Information Protection Act ('TIPA')

Regulator: The Tennessee Attorney General ('AG')

Summary: On May 11, 2023, the Tennessee Governor signed the Tennessee Information Protection Act (TIPA) into law, which will become effective on July 1, 2025. The TIPA sets out obligations for businesses covered by its scope, such as risk assessments, data minimization requirements, and obtaining opt-in consent for processing sensitive personal information, and establishes consumer rights, including the right to know, access, correction, deletion, and data portability, as well as a right to opt out of the sale of personal information, targeted advertising, and profiling. Moreover, the TIPA provides the Tennessee Attorney General (AG) with exclusive authority to bring actions, while also recognizing that controllers or processors that comply with a privacy program that reasonably conforms to the National Institute of Standards of Technology (NIST) or other documented policies, standards, and procedures designed to safeguard consumer privacy, have an affirmative defense to a cause of action for a violation of the TIPA.

Furthermore, Tennessee has recognized the common law tort of invasions of privacy, and like all US states, it has enacted a data breach notification law under §47-18-2107 of the Tennessee Code, as amended in 2017 (the Tennessee Code). Notably, Tennessee was the first US state requiring notification of a breach of both encrypted and unencrypted information. In 2017, the Tennessee legislature amended the definition of a breach of system security to not include the good faith acquisition of personal information by an employee if the personal information is not used or subject to further unauthorized disclosure.

Other Tennessee privacy laws tend to focus on consumer protection, including laws governing the privacy of consumer reports, security freeze requests, identity theft, and the protection of personally identifiable information of consumers of videotape sellers or service providers. In addition, Tennessee has the Insurance Data Security Law under §56-2-1001 et seq. of Part 10 Chapter 2 of Title 56 of the Tennessee Code which limits the disclosure or redisclosure and reuse of non-public personal information by insurers and agents. In addition, on April 28, 2023, the Tennessee Governor signed into law the Genetic Information Privacy Act, which entered into effect on July 1, 2023.

You can follow legislative developments in the US through the USA State Law Tracker.

Browse more content in Tennessee

All Guidance Notes

All News

All Insights

News

19 November 2024

USA: 32 state AGs send letter to Congress over Bill for Kids Online Safety Act

10 October 2024

Tennessee: AG files motion for TikTok’s failure to preserve and produce relevant evidence in investigation to possible consumer protection law violations

08 May 2024

Tennessee: Protecting Children from Social Media Act signed by Governor

24 April 2024

Tennessee: Protecting Children from Social Media Act signed by House and Senate Speakers

22 April 2024

Tennessee: Bill creating AI advisory council recommended for passage and referred to Calendar and Rules Committee

17 April 2024

Tennessee: Protecting Children from Social Media Act sent to House Speaker for signature

03 April 2024

Tennessee: Bill creating AI advisory council recommended for passage

22 March 2024

Tennessee: Governor signs ELVIS Act into law

12 March 2024

Tennessee: Bill creating AI advisory council placed on Senate Commerce and Labor Committee calendar

12 March 2024

Tennessee: Bill creating AI advisory council placed on State Government Committee calendar

12 March 2024

Tennessee: Bill requiring disclosure on AI-generated content assigned to Banking and Consumer Affairs Subcommittee

12 March 2024

Tennessee: Bill requiring disclosure on AI-generated content referred to Senate Commerce and Labor Committee

Insights

July 2023

Tennessee: TIPA - FAQs

The Tennessee Information Protection Act (TIPA) was signed into law by the Governor of Tennessee, Bill Lee, on May 11, 2023, having passed both Houses of the Tennessee General Assembly.

The TIPA will enter into effect on July 1, 2025.

July 2023

Tennessee: Overview of the Tennessee Information Protection Act

The Tennessee Information Protection Act (TIPA) (HB 1181) was signed into law by Governor Bill Lee on May 11, 2023. As of the publication of this Insight article, Tennessee is one of 11 states that have passed 'comprehensive' privacy laws (laws that protect an individual's general right to privacy, instead of only regulating certain data processing contexts), joining California, Colorado, Virginia, Utah, Connecticut, Iowa, Indiana, Montana, Texas, and Oregon.

In this Insight article, Kirk Nahra, Ali Jessani, Genesis Ruano, and Samuel Kane, from Wilmer Cutler Pickering Hale and Dorr LLP, provide a detailed breakdown of TIPA's applicability, exemptions, key definitions, substantive requirements, and enforcement provisions.

June 2023

Tennessee: Information Protection Act - a comprehensive state privacy law

The Tennessee Information Protection Act (TIPA) was introduced, on January 31, 2023, to the Tennessee House of Representatives. Since then, the TIPA has passed both State Houses and was signed by the Tennessee Governor, on May 11, 2023. The TIPA introduces obligations for both data controllers and data processors, as well as consumer rights, and will enter into effect on July 1, 2025. OneTrust DataGuidance Research provides an overview of the key provisions under the TIPA.

Tennessee

Summary

Browse more content in Tennessee

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us