On May 11, 2023, the state of Tennessee witnessed a significant shift in data privacy norms as Governor Bill Lee signed the Tennessee Information Protection Act (TIPA) into law. Joining the rapidly growing ranks of U.S. states to advance comprehensive data privacy legislations, Tennessee’s move comes in line with increasing calls for robust digital rights and protections. The law is set to take effect from July 1, 2025. Read more about the commencement here.
It is noteworthy to observe the parallels between TIPA and other state privacy laws aimed at striking a more “business-friendly” balance between consumer protection and industrial growth. Efforts in this direction have seen recent successes, as evidenced in the passing of statutes like the Virginia Consumer Data Protection Act (VCDPA), the Utah Consumer Privacy Act (UCPA), and the Iowa Act Relating to Consumer Data Protection (ICDPA).
- The Virginia Consumer Data Protection Act (VCDPA) imposes controls on the processing of personal data by certain large businesses and provides robust consumer rights such as access, correction, deletion, and portability of personal data.
- The Utah Consumer Privacy Act (UCPA) emphasizes a balanced framework that bolsters consumer rights to personal data while minimizing business compliance burdens.
- The Iowa Act Relating to Consumer Data Protection (ICDPA) introduced parameters for privacy operations and obligations, heavily influencing data collection, usage, and security policies.
While these laws undoubtedly signal an increased emphasis on key consumer privacy rights, businesses across the country – and indeed, the world – need to focus on building privacy-compliant operations. This change calls for a careful revisiting of data management practices, the development of comprehensive data protection strategies, and the effective education of stakeholders about these state laws and their implications.