Securiti launches Gencore AI, a holistic solution to build Safe Enterprise AI with proprietary data - easily

View

Tennessee Information Protection Act (TIPA)

Last Updated on September 18, 2024

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

See a demo
Schedule your demo today

Tennessee has enacted the Tennessee Information Protection Act (TIPA), making it the latest state in the U.S. to implement comprehensive data privacy regulation. The legislation was unanimously passed by the State General Assembly and signed into law by Governor Bill Lee on May 11, 2023, with an effective date of July 1, 2025.

While TIPA includes many standard provisions found in several state data privacy laws across the US, it distinguishes itself by emphasizing an affirmative defense for organizations adhering to the National Institute of Standards and Technology (NIST) privacy framework.

Additionally, TIPA allows Tennessee courts to impose treble damages for willful or knowing violations, making it stricter in some aspects compared to similar laws in Virginia and Indiana.


The Solution

Securiti enables organizations to comply with Tennessee Information Protection Act (TIPA) through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Securiti supports enterprises' journey toward compliance with Tennessee Information Protection Act (TIPA) through automation, enhanced data visibility, and identity linking.

Panama’s PDPL Solutiion

Readiness Assessment

TIPA Provisions

Automatically update and refresh your privacy policies and notices. Build and publish a privacy notice with pre-built templates in compliance with the TIPA.

 Readiness securiti
Texas

Auto Compliance Management

TIPA Provisions

Automate compliance with TIPA using Securirti common controls and tests.

Privacy Notice Management

Section(s): 47-18-3204(c), 47-18-3204(d), 47-18-3204(e)

Automatically update and refresh your privacy policies and notices. Build and publish a privacy notice with pre-built templates in compliance with the TIPA.

Privacy Notice Management
Universal Consent Management

Universal Consent Management

Section(s): 47-18-3204(a)(2), 47-18-3204(a)(6)

Monitor consent for various data processing activities via the central dashboard. Track consent revocation to prevent the processing or transfer of data without consent.

Cookie Consent Management

Section(s): 47-18-3204(a)(2), 47-18-3204(a)(6), 47-18-3204(d)

Scan websites to classify cookies, deploy customized consent collection points, and link consent to user identities and personal data categories collected from endpoints.

Cookie Consent
Panama Automate People Data Graph securiti

Sensitive Data Intelligence

Section(s): 47-18-3201(3), 47-18-3201(17), 47-18-3201(18), 47-18-3201(22), 47-18-3201(26)

Discover personal data and sensitive data stored across all systems within the organization and link it to unique data subjects. Visualize personal data sprawl and identify compliance risks.

Data Mapping Automation

Section(s): 47-18-3204(a)(1)

Trace data flow across your systems, catalog data collection and transfer, and document business process flows internally and to the processors.

Data mapping
DSR

Data Subject Rights Fulfillments

Section(s): 47-18-3203, 47-18-3204(e)

Create customized web forms and accept verified DSR requests. Automate the initiation of the access, correction, deletion, portability and opt-out request fulfillment workflows in compliance with the TIPA.

Data Breach Management

Tennessee Code Section 47-18-2107

Track and manage potential incidents and data breaches with automated notification guidance based on global regulatory requirements.

Panama Assess Data Protection Measures securiti
Panama Automate Records of Processing Activities securiti

Data Protection Assessment Automation

Section(s): 47-18-3206

Initiate Data Protection Assessments (DPAs) using compliance templates, invite stakeholders to contribute and review responses, track progress in real-time, and share approved assessments with third parties.

Vendor Assessments

Section(s): 47-18-3205

You can track privacy and security readiness from a single interface for all your service providers. You can also collaborate instantly with processors and manage all processor agreements and compliance documents.

Vendor Management
Data Security Posture

Data Security Posture Management

Section(s): 47-18-3204(a)(3)

Discover and auto-remediate security misconfigurations in SaaS and IaaS data systems using a library of rules based on vendor recommendations, industry standards, and best practices.

Key Facts about TIPA

Here are the key facts about the Tennessee Information Protection Act (TIPA):

1

TIPA is Tennessee's comprehensive data privacy regulation, aligning with similar laws in other U.S. states.

2

While TIPA shares many provisions with similar laws in Virginia and Indiana, it is stricter in certain areas, such as damage awards for violations.

3

TIPA requires data controllers to limit personal information collection to what is adequate, relevant, and reasonably necessary for the purposes for which the data is processed.

4

TIPA requires the controllers to establish, implement, and maintain reasonable administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of personal information.

5

Controllers must not process sensitive data concerning a consumer without obtaining the consumer's consent.

6

TIPA provides an affirmative defense for organizations that adhere to the National Institute of Standards and Technology (NIST) privacy framework, incentivizing strict data privacy measures.

7

Controllers must conduct data protection impact assessments (DPIAs).

8

Tennessee courts are authorized to award treble damages (triple the actual damages) for willful or knowing violations of the act.

9

TIPA provides data subjects with the right to access, right to correction, right to deletion, right to data portability, and the right to opt-out.

10

TIPA will come into effect on July 1, 2025.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report

What's
New