Tennessee Information Privacy Act (TIPA)

The Tennessee Information Privacy Act (TIPA) is a data privacy law that aims to protect the personal data of Tennessee residents. Effective July 1, 2024, TIPA establishes clear guidelines for how businesses handle, process, and secure personal data.

TIPA applies to:

• Businesses that operate in Tennessee or target goods or services to Tennessee residents.
• Entities that process or control the personal data of at least 25,000 Tennessee residents annually or
• Businesses that derive significant revenue from the sale of personal data, regardless of the number of Tennessee residents affected.

TIPA Guidelines

Under TIPA, Tennessee residents have the following rights:

• Access: The right to access their personal data held by businesses.
• Correction: The right to request corrections to inaccurate or incomplete personal data.
• Deletion: The right to request deletion of their personal data, subject to certain exceptions.
• Data Portability: The right to obtain a copy of their personal data in a portable format.
• Opt-Out: The right to opt out of the sale of their personal data and its use for targeted advertising.

Businesses that meet the eligibility criteria for TIPA must:

• provide a clear and comprehensive privacy notice that outlines data collection, processing, and sharing practices.
• conduct assessments to identify and mitigate risks associated with data processing activities.
• implement reasonable security measures to protect personal data from unauthorized access, breaches, or misuse.
• ensure that contracts with third-party data processors include clauses that enforce TIPA compliance.
• seek explicit consent before processing sensitive data categories, such as health information or biometric data.
• notify affected individuals of data breaches within 45 days of discovering the breach. The notice should include details about the breach, the types of data involved, and steps taken to address the breach.

How Finite State Helps You Comply with TIPA

Finite State can complement your data protection efforts by strengthening your data security capabilities, particularly by: 

• Enforcing Secure Coding Practices: Seamless integrations into existing CI/CD pipelines automatically analyze source code and compiled binaries for common security vulnerabilities and coding errors. This allows engineers to identify vulnerabilities hidden deep within legacy code and third-party libraries and detect and address issues early in the development process.
• Real-Time Threat Detection: Integrations with vulnerability databases provide up-to-date information on the latest threats and exploits, allowing for the proactive identification of potential risks before they can be exploited.
• Automate Vulnerability Identification: Using our advanced binary and source code SCA, vulnerabilities can be identified as they’re introduced across the SDLC to help teams keep applications secure.
• Comprehensive SBOM Solutions: Automatically generate Software Bill of Materials throughout the SDLC and easily compile detailed information on all components in your products, including open-source libraries, third-party dependencies, and custom code to improve transparency and identify potential security risks in your software supply chain.

Strong cybersecurity requires a collective effort. Talk to the team today to discover how Finite State can help you comply with TIPA.