Tennessee Information Protection Act

The Tennessee Information Protection Act will come into effect on January 1, 2025.

The TIPA is the eighth comprehensive state consumer privacy law to be approved in the United States.

While it has similarities to all of it’s predecessors it is most similar to the Virginia Consumer Data Protection Act and the Connecticut Data Protection Act.

Value Privacy’s experts are able to help your organization prepare and become fully compliant with any privacy laws that impact your business.

Get in touch to find out how we can help you.

Who does it impact?

The TIPA applies to companies that do business in Tennessee or target products or services to Tennessee consumers and:

  • Have more than $25 million in “revenue;” and
  • Control or process personal information of 175,000 or more Tennessee consumers; or
  • Control or process personal information of 25,000 or more Tennessee consumers and derive over 50% of gross revenue from the sale of that data.


  • Data covered by HIPAA, COPPA, the Gramm-Leach-Bliley Act, the Family Education Rights and Privacy Act and some other federal laws
  • Government entities
  • Non-profit organizations
  • Institutions of higher educations
  • Data used for compliance with the law, preventing fraud or injury to others and defending legal claims.

Consumer Rights

The right to confirm whether a controller is processing their personal data and access that data. This includes the right to confirm whether a controller is processing any data at all.

Inaccuracies in the personal data that the consumer previously provided to the controller.

Personal data provided by or about the consumer.

The right to obtain a portable copy of their personal data to the extent that is technically feasible and provided the controller will not be required to reveal any trade secret. This only applies to data the consumer previously provided to the controller.

Of the sale of personal data, targeted marketing and profiling.


The Tennessee Attorney General is exclusively responsible for enforcing the Tennessee Information Protection Act. Penalties of up to $7,500 per violation may be enforced.

cure period

The Tennessee Attorney General will be required to give 60 days written notice and an opportunity for the controller to cure any violations.

Value Privacy are on hand to make sure your business is compliant with data and privacy regulations. Whether you need a privacy health check or you want help to make sure you and your business are ready for the arrival of the Colorado Privacy Act, we’re here to help. You can find out more about what we do or contact us and have a chat about your needs.