HB Ad Slot
HB Mobile Ad Slot
Tennessee Information Privacy Act
Thursday, April 27, 2023

Assuming sign-off from Governor Bill Lee, Tennessee is poised to become the latest state to implement a comprehensive privacy law.  The Tennessee Information Privacy Act (TIPA) continues the trend of generally following California’s CCPA, but with one significant difference.  We have pulled together below some of the common questions businesses are asking about the TIPA and some initial responses.

Are all organizations subject to TIPA?

No.  Similar to other state privacy laws, TIPA applies to companies doing business in, or target products or services to, Tennessee residents and that process personal information of at least (a) 100,000 consumers, or (b) 25,000 consumers and derive more than 50% of their gross revenues from the sale of personal information.  Exemptions apply, including for non-profits, HIPAA-covered entities, and financial institutions.

If I meet my CCPA compliance obligations, will I comply with TIPA?

Likely yes, subject to your obligations with respect to the NIST Privacy Framework. TIPA requires all in scope companies to implement, maintain, and comply with, a written privacy program that conforms to the National Institute of Standards and Technology (NIST) Privacy Framework (PF). 

What is the NIST Privacy Framework, and what does it require?

The PF can be found here and provides a framework to improve risk management for data processing activities, focusing (at a high level) on the following principles:

  • Identify – understanding and managing privacy risk.
  • Govern - developing and implementing organizational governance with respect to privacy risk.
  • Control – developing and implementing policies, process, and procedures to manage data and privacy risk.
  • Communicate – communication of polies, process, and procedures and ensure awareness as to data processing practices and privacy risks.
  • Protect – developing and implementing appropriate data processing safeguards.

What happens if I don’t comply?

TIPA will be enforced by the Tennessee Attorney General, and violations not cured within 60 days of notice from the AG’s office may attract penalties of up to $15,000 per violation.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins