Consentmo is dedicated to protecting and respecting your privacy. We will only use your personal information to respond to inquiries, provide requested materials, or share updates and services that we believe may interest you.
The Tennessee Information Protection Act (TIPA) is a comprehensive data privacy law designed to protect the personal information of Tennessee residents. Enacted in 2023, TIPA imposes obligations on businesses that collect, process, or share consumer data, ensuring greater transparency and security. Effective Date: July 1, 2025 (with a 1-year grace period for compliance).
TIPA applies to businesses that:
- Operate in Tennessee or target Tennessee residents, ANDExceed $25 million in annual revenue, OR
- Process personal data of at least 175,000 consumers annually, OR
- Derive 50%+ of revenue from selling personal data (with some exemptions).
Certain entities, such as healthcare providers already compliant with HIPAA or financial institutions under GLBA, may have exemptions or modified requirements.
To comply with TIPA, businesses must:
Provide Clear Privacy Notices
– Disclose data collection practices, purposes, and third-party sharing.Implement Reasonable Security Measures
– Safeguard personal data against breaches.
Honor Consumer Rights
– Allow Tennessee residents to: Access their personal data.
– Correct inaccuracies.
– Request deletion (with exceptions).
– Opt out of data sales or targeted advertising.
Conduct Data Protection Assessments (DPAs)
– For high-risk processing activities.
Avoid Discrimination
– Businesses cannot penalize users for exercising their privacy rights.
1. Audit Your Data Practices – Identify what personal data you collect and how it’s used.
2. Update Privacy Policies – Ensure they align with TIPA’s disclosure requirements.
3. Establish Data Subject Request Processes – Enable consumers to exercise their rights.
4. Train Employees – Educate staff on TIPA obligations and data security best practices.
5. Work with Legal & Compliance Experts – Ensure full adherence to the law.
Violations of TIPA may result in:
- Civil penalties (up to $7,500 per violation).
- Enforcement actions by the Tennessee Attorney General.
- Potential lawsuits if a breach occurs due to negligence.
Improve the effectiveness of your compliance strategy now.
Download checklistTennessee residents can:
✅ Access their personal data held by a business.
✅ Correct inaccurate data.
✅ Delete their data (with some exceptions).
✅ Opt out of: Sale of personal data; Targeted advertising; Profiling for significant decisionsHow do consumers submit data requests? Businesses must provide at least two methods (e.g., webform, toll-free number, email) for consumers to exercise their rights.
Certain entities are exempt, including:
- Government agencies
- NonprofitsHigher education institutions
- HIPAA-covered entities (healthcare providers)
- Financial institutions under GLBA
- Businesses already complying with COPPA (Children’s Online Privacy Protection Act).
Data Mapping – Identify what personal data you collect.
Update Privacy Policies – Disclose practices per TIPA.
Implement Request Mechanisms – Allow consumers to access/delete data.
Train Staff – Ensure employees understand compliance.
Conduct Risk Assessments – For high-risk processing.
Shopify merchants can streamline compliance by leveraging tools like Consentmo, which offers automated solutions for managing cookie consent, generating privacy notices, and processing data subject requests.