Tennessee Information Protection Act: What Consumer Rights are Protected? featured image

Tennessee Information Protection Act: What Consumer Rights are Protected?

by John DiGiacomo

Partner

Internet Law

As discussed in related articles on our website, in May 2023, Tennessee enacted its version of a consumer data/information protection statute called the Tennessee Information Protection Act (“TIPA”). As of late 2023, about eleven States have enacted consumer data/information privacy statutes, and about a dozen more are contemplating such statutes. Revision Legal has written a number of articles related to those statutes. In this article, the Internet and Consumer Privacy Compliance lawyers at Revision Legal provide a summary of what consumer rights are protected by the TIPA.

To offer a brief summary, the TIPA is typical of similar statutes in this respect. The general framework is about providing various rights to consumers, requiring that consumers receive various notices and requiring the obtaining of consumer consent for various actions by data controllers and processors, including the use of personal data for targeted advertising and profiling.

What Rights are Protected?

The list of consumer data/information rights that are protected by the TIPA are typical of those protected by similar statutes. These include the right to know, to delete and correct information, the right to consent and portability. In particular, the TIPA gives consumers the right to:

  • Know whether a controller is processing the consumer’s data — “processing” includes the idea of “collecting”
  • Know what data is currently held by a controller/processor
  • Know why data is collected and processed — that is, to know the “business purposes” for which the data is being processed
  • To access that data and to obtain a portable copy of said data
  • To request correction of inaccuracies in the personal data
  • To require the deletion of personal data
  • To “opt out” of having personal data collected and processed for purposes of the sale/sharing of said data, targeting advertising, or profiling — note that the TIPA does not require controllers to recognize or obey universal opt-out mechanisms.
  • To not be retaliated against for exercising one’s rights

This is the standard list with nothing notable added or omitted. In addition, the TIPA mandates an appeal procedure if data controllers refuse requests by consumers such as the request to correct or delete data/information.

What are the Exceptions and Carve-Outs?

The “wiggle-room” for these consumer privacy statutes is found in the definitions of what “data” is covered and the various exceptions, carve-outs and what type of entities are exempt.

As we noted in another article related to the TIPA, the TIPA can be deemed a “business-friendly” version of these consumer rights statutes. Consistent with this, excluded data includes any collection/processing of data where the “consumer” is engaged in business or employment-related activity. Thus, no data protection for your job application, for example. The TIPA also excludes any data that is considered pseudonymous. This is data that can be recombined with other data, with minimal processing, to specifically identify natural persons. This means that, under the TIPA, a set of pseudonymous data can be sold (without notice or consent) to a third party, which can be combined with other data sets to reveal the customer’s identity. This is a notable divergence from similar statutes. Other exclusions related to data are standard, such as the exclusion of data that is collected and processed pursuant to various federal statutes, health data, etc.

The TIPA also has an exemption for state-licensed insurance companies (another notable diversion from similar statutes). Other entity exemptions are the typical ones like those for government agencies, financial institutions, not-for-profit organizations, those engaged in research, etc.

Contact the Consumer Data Privacy and Compliance Attorneys at Revision Legal

For more information, contact the experienced Consumer Data Privacy and Compliance Lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.

Extra, Extra!
Recent Posts

The Minnesota Consumer Data Privacy Law: What Businesses Should Know (Part Two)

The Minnesota Consumer Data Privacy Law: What Businesses Should Know (Part Two)

Internet Law

In May 2024, Minnesota enacted the Minnesota Consumer Data Privacy Act (“MCDPA”). In Part One of this two-part article, the Consumer Data Protection Attorneys at Revision Legal discussed the consumer rights and consumer-facing business obligations imposed by the MCDPA, including additional consumer rights related to automated decisions that utilize profiling data. The MCDPA allows consumers […]

Read more about The Minnesota Consumer Data Privacy Law: What Businesses Should Know (Part Two)

Advantages of Forming Corporate Entities for Operating Your Business

Advantages of Forming Corporate Entities for Operating Your Business

Corporate

Under most circumstances, the experienced Business Lawyers at Revision Legal deem it prudent for clients to operate their businesses through a corporate entity like a standard corporation or a limited liability company. Of course, there are some circumstances where a partnership of some type might be the better option, but it would be a rare […]

Read more about Advantages of Forming Corporate Entities for Operating Your Business

The Minnesota Consumer Data Privacy Law: Summary For Consumers

The Minnesota Consumer Data Privacy Law: Summary For Consumers

Internet Law

In May 2024, Minnesota enacted a consumer data privacy statute called the Minnesota Consumer Data Privacy Act (“MCDPA”). About 20 States have enacted consumer data privacy statutes similar to the MCDPA, and the MCDPA follows the general template of those statutes. However, there are some unique and additional features of the MCDPA that are very […]

Read more about The Minnesota Consumer Data Privacy Law: Summary For Consumers

Put Revision Legal on your side

Let's Discuss Your Case