Tennessee’s Governor signed HB 1181, the Tennessee Information Protection Act (TIPA), into law on May 11th, 2023. This bill established a framework for controlling and processing consumers’ personal data in the state. It makes Tennessee the eighth state to pass consumer privacy statutes alongside the following states:
- California
- Colorado
- Connecticut
- Indiana
- Iowa
- Utah
- Virginia
Let's unravel the details of this groundbreaking legislation that puts consumers first!
Unraveling The Key Provisions Of This Bill
TIPA is a game-changer for anyone doing business in the state of Tennessee. If you control or process personal data for at least 100,000 Tennessee residents, or if you handle personal data for at least 25,000 residents and derive 50% of gross revenue from the sale of personal data, this law is for you.
But hold on; it’s not just about businesses. TIPA is a big win for consumers as well. Picture this: you have access to your personal data, the power to make corrections, request deletion, and even access your data in a portable format. In addition, you can request what categories of your information are being sold or disclosed. For those that are not a fan of your data being pushed around, you can opt out of the sale of your data altogether.
Now, let’s talk about responsibilities. If you’re a data controller under TIPA, listen up. You must respond to consumers’ requests within 45 days (unless qualifying circumstances arise) and provide the requested info for free, not once but twice a year for each consumer. If a consumer doesn’t like your response, they’ve got an appeals process on their side. But wait, there’s more! TIPA puts serious constraints on how you handle data. It’s all about collecting what you truly need, keeping it secure, and never processing it for purposes that don’t align with the specified goal. Steer clear of any discrimination issues or unauthorized access; sensitive data needs explicit consumer consent. Let’s not forget that you must ensure that contracts and agreements do not waive or limit consumers’ data rights. Privacy notices must be clear as day, leaving no room for confusion.
What More?
Here’s the kicker: the state attorney general means business. TIPA empowers them to enforce the law, handing out penalties of up to $15,000 per violation and even treble damages for those who knowingly and willfully break the law. If a TIPA violation has been discovered, the attorney general gives the data controller written notice and will have 60 days to fix the alleged violation before the attorney general can file a suit.
If you’re a business owner in Tennessee, mark your calendars for July 1st, 2024. Now the question is, what will you do to stay ahead of the game? How will you prepare yourself and your business for these groundbreaking changes that protect consumer privacy?
Stay Ahead Of The Curve – Partner With A PEO
It’s time to take action and ensure you’re on the right side of the law. You might be wondering how to navigate this new law effectively. Luckily, there’s a solution that can make your journey smoother and ensure compliance from day one – partner with a professional employer organization (PEO) like GMS.
When you partner with GMS, we provide the expertise, resources, and support needed to implement TIPA seamlessly. From handling data requests and privacy notices to establishing robust data security measures, we have your back. Don’t wait until July 1st, 2024 – start preparing today by considering a PEO partnership and proactively safeguarding your business and customers’ privacy. Together, let’s pave the way for a secure and successful future. Get in touch with us today.