Skip to main content
Comply with Tennessee’s consumer data privacy law.
The Tennessee Information Protection Act (TIPA) is a US state consumer privacy law that grants Tennessee residents rights over their personal information and imposes obligations on businesses that process it. TIPA notably references the NIST Privacy Framework as an affirmative defense.
TIPA applies to businesses meeting certain revenue and data-processing thresholds that handle the personal data of Tennessee residents.

Who needs Tennessee Information Protection Act?

Businesses serving Tennessee

Companies processing personal data of Tennessee residents above defined thresholds.

Multi-state operators

Organizations building a US state privacy program across multiple jurisdictions.

Key components

Consumer rights

Access, correction, deletion, portability, and opt-out rights.

Privacy notices

Clear disclosures about data collection and processing.

NIST alignment

Maintaining a NIST Privacy Framework-aligned program offers an affirmative defense.

Data protection assessments

Assessments for higher-risk processing activities.

How DSALTA helps with Tennessee Information Protection Act

1

Activate TIPA

Select the Tennessee Information Protection Act from the Frameworks page. DSALTA maps requirements to controls.
2

Review privacy controls

Review consumer rights and assessment controls and assign owners.
3

Collect evidence automatically

Connect integrations to maintain privacy evidence.
4

Approve privacy policies

Review and approve Tennessee-specific privacy notices.
5

Maintain accountability

Track data protection assessments and rights requests.

Frequently asked questions

TIPA is notable for offering an affirmative defense to businesses that maintain a privacy program conforming to the NIST Privacy Framework.
Businesses meeting revenue and data-volume thresholds that process personal data of Tennessee residents.