In a move to bolster data protection for its residents, Tennessee is gearing up for the implementation of the Tennessee Information Protection Act (TIPA), set to unfurl its legal tendrils come July 1. The legislation targets businesses, roping in measures to safeguard consumer data and bestowing upon consumers more control over the handling of their personal information. According to the Office of the Tennessee Attorney General, TIPA's embrace will likely warm the hearts of privacy enthusiasts and raise the bar for corporate data caretakers.
The law, a brainchild of the Tennessee General Assembly and given the nod by Governor Bill Lee back in 2023, is being clarified through a series of helpful tips and guidelines. These nuggets of wisdom come courtesy of Attorney General Jonathan Skrmetti's office, aiming to clear the haze surrounding TIPA's upcoming impact on the digital playing field. "Tennessee wants to continue to be an easy place to build and run a business," Skrmetti shared, underscoring the state's commitment to a frictionless commercial environment adapted to the new privacy paradigm. Yet, in an effort to evade contrasting interest, the law exempts certain entities from its purview, such as nonprofits and healthcare organizations.
Guidance released by the division sheds light on key aspects of the act: consumer rights to access, correct, and potentially erase their data, and rigorous parameters for businesses that process significant quantities of personal information. Those rights stretch to include consumers demanding insights into the types of personal information collected, the intent behind its processing, and with whom their data's being shared. In essence, TIPA sorts consumers as bosses in their data relationship, enabling them to opt out of marketing equations that bank on their personal details.
For businesses, TIPA's gears start turning with the requirement to procure over $25 million in annual revenue and the collection or processing of personal information of at least 25,000 Tennesseans or more. It's a carve-out that directly aligns with bigger players in the data game. Under TIPA, these businesses will be shepherded to furnish consumers with transparency through privacy notices and reckon with the capacity to prove compliance with it's robust data protection framework. Violations of the act could draw the Attorney General's attention, albeit with a 60-day window to address and rectify any infractions before enforcement actions solidify.
On the cusp of its operational debut, TIPA ushers in a local renaissance of privacy rights and data etiquette, a theme resonating across the rubble of past privacy breaches. For additional information, resources, or to report suspected violations, one can turn to the Division of Consumer Affairs complaint portal. Predicated on principles of clarity and control, TIPA seeks to fortify the bulwarks guarding Tennesseans' personal data against the voracious appetites of unchecked data commoditization.
