TIPA Header Title.

What is TIPA?

The Tennessee Information Protection Act (TIPA) is a comprehensive data privacy law designed to protect the personal information of Tennessee residents. Enacted in 2023, TIPA imposes obligations on businesses that collect, process, or share consumer data, ensuring greater transparency and security. Effective Date: July 1, 2025 (with a 1-year grace period for compliance).

Who needs to comply with TIPA?

TIPA applies to businesses that:
- Operate in Tennessee or target Tennessee residents, ANDExceed $25 million in annual revenue, OR
-
Process personal data of at least 175,000 consumers annually, OR
-
Derive 50%+ of revenue from selling personal data (with some exemptions).

Certain entities, such as healthcare providers already compliant with HIPAA or financial institutions under GLBA, may have exemptions or modified requirements.

Tennessee state.
graphic of a white magnifying glass against a blue background

Key requirements under TIPA

To comply with TIPA, businesses must:
Provide Clear Privacy Notices
– Disclose data collection practices, purposes, and third-party sharing.Implement Reasonable Security Measures
– Safeguard personal data against breaches.
Honor Consumer Rights
– Allow Tennessee residents to: Access their personal data.
– Correct inaccuracies.
– Request deletion (with exceptions).
– Opt out of data sales or targeted advertising.
Conduct Data Protection Assessments (DPAs)
– For high-risk processing activities.
Avoid Discrimination
– Businesses cannot penalize users for exercising their privacy rights.

How to Achieve TIPA Compliance

1. Audit Your Data Practices – Identify what personal data you collect and how it’s used.
2. Update Privacy Policies – Ensure they align with TIPA’s disclosure requirements.
3. Establish Data Subject Request Processes – Enable consumers to exercise their rights.
4. Train Employees – Educate staff on TIPA obligations and data security best practices.
5. Work with Legal & Compliance Experts – Ensure full adherence to the law.

graphic of a building in white against a blue background
white sheet of paper graphic against a blue background with shield in front of it

Penalties for Non-Compliance

Violations of TIPA may result in:
- Civil penalties (up to $7,500 per violation).
- Enforcement actions by the Tennessee Attorney General.
- Potential lawsuits if a breach occurs due to negligence.

Get the UCPA checklist for Free

Improve the effectiveness of your compliance strategy now.

Download checklist
graphic of a white notepad page against a black background

Frequently Asked Questions

What rights does TIPA give consumers?

Tennessee residents can:
Access their personal data held by a business.
Correct inaccurate data.
Delete their data (with some exceptions).
Opt out of: Sale of personal data; Targeted advertising; Profiling for significant decisionsHow do consumers submit data requests? Businesses must provide at least two methods (e.g., webform, toll-free number, email) for consumers to exercise their rights.

Who is exempt from TIPA?

Certain entities are exempt, including:
- Government agencies
- NonprofitsHigher education institutions
- HIPAA-covered entities (healthcare providers)
- Financial institutions under GLBA
- Businesses already complying with COPPA (Children’s Online Privacy Protection Act).

What steps should businesses take to comply?

Data Mapping – Identify what personal data you collect.
Update Privacy Policies – Disclose practices per TIPA.
Implement Request Mechanisms – Allow consumers to access/delete data.
Train Staff – Ensure employees understand compliance.
Conduct Risk Assessments – For high-risk processing.

Shopify merchants can streamline compliance by leveraging tools like Consentmo, which offers automated solutions for managing cookie consent, generating privacy notices, and processing data subject requests.

Is your site compliant?