Tennessee Information Privacy Act

What is the Tennessee Information Privacy Act (TIPA)?


The Tennessee Information Privacy Act (TIPA), officially House Bill 1181, is a data privacy law protecting the privacy of Tennessee residents by granting them certain rights and imposing obligations on businesses that collect and process their personal data.

Consumers have the following TIPA rights:

  • Right to access and copy personal data.
  • Right to correction of inaccurate data.
  • Right to deletion of personal data under certain circumstances.
  • Right to opt out of the sale of personal data.
  • Right to opt out of targeted advertising.

Businesses, on the other hand, have the following duties:

  • Implement and maintain reasonable security measures to protect personal data.
  • Obtain opt-in consent for processing sensitive data.
  • Respond to consumer requests within a reasonable timeframe.
  • Disclose data collection and processing practices in a clear and accessible privacy notice.
  • Allow consumers to opt out of the sale of data or from targeted advertising
  • Honor consumer’s requests in a timely manner
  • Implement data minimization and purpose limitation

MergeBase and TIPA


Although the TIPA is not relevant to MergeBase, our prevailing data protection and security practices already exceed the requirements outlined in this Tennessee law. If the law were to apply to us, we could achieve compliance without additional efforts.


How Can MergeBase Help You Comply with the CCPA?


Your initial and most crucial step is identifying the most fitting data security measures for your needs. After pinpointing these measures, selecting the appropriate tools becomes essential, and this is where MergeBase steps in to offer support.

The top three ways MergeBase can assist you in adhering to the Tennessee privacy law encompass:

1. Vulnerability Management — MergeBase actively detects and ranks vulnerabilities within open-source components utilized in applications that handle personal data. If exploited, these vulnerabilities can lead to unauthorized access, disclosure, or modification, breaching the security mandates of Tennessee’s privacy regulations.

2. Continuous Monitoring — Regular vulnerability scanning enables companies to remain vigilant against emerging threats and address them swiftly, showcasing a commitment to robust data security.

3. Patch Management Integration — Reports from MergeBase can be seamlessly incorporated into patch management systems, expediting vulnerability remediation and minimizing the exposure period for personal data.