Tennessee Information Protection Act
Data last verified: March 23, 2026
- Effective Date
- July 1, 2025
- Enforcement Date
- Not specified in statute
Summary
Tennessee Information Protection Act provides consumers the right to opt out of profiling for significant decisions and requires data protection assessments. It has a higher applicability threshold than most state privacy laws, requiring both $25M+ revenue and high consumer data volume.
Who It Applies To
Applies to businesses with $25M+ annual revenue AND processing data of 175,000+ TN consumers, or $25M+ revenue AND 25,000+ consumers if 50%+ revenue from data sales.
- Min Consumers:
- 175,000
- Min Annual Revenue:
- $25,000,000
All thresholds must be met
Penalties
- Penalty Range
- $0 – $7,500per violation
- Cure Period
- 60-day cure period
- Private Right of Action
- No private right of action
- Enforcement Body
- Tennessee Attorney General and Reporter
Requirements (4)
- Opt-Out§ 47-18-3203(a)(2)(E)
This law provides consumers the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.
- Impact Assessment§ 47-18-3206
This law requires controllers to conduct data protection assessments for processing activities involving profiling, targeted advertising, sale of personal data, sensitive data, or activities presenting heightened risk of harm.
- Disclosure§ 47-18-3204(c)
This law requires controllers to provide a reasonably accessible, clear, and meaningful privacy notice.
- Consent§ 47-18-3204(a)(6)
This law requires controllers to obtain consumer consent before processing sensitive data, or comply with COPPA for children's data.
Claire tracks 31 state and local AI laws across 23 US states. No prescriptive federal AI compliance statutes have been enacted. EU AI Act and sector-specific regulations are not covered.
Check if this law applies to your business