Tennessee Information Protection Act (TIPA)
A practical compliance guide for website owners. Learn what Tennessee's privacy law requires and how to implement it on your site.
Who Must Comply
Conducts business in Tennessee or targets Tennessee residents AND annual revenue exceeding $25M AND meets one of: controls/processes personal data of 175K+ consumers, OR controls/processes data of 25K+ consumers and derives 50%+ revenue from selling personal data
What Your Website Must Do
| Requirement | Status |
|---|---|
| Cookie consent banner | Recommended |
| Do Not Sell link | Required |
| Do Not Share link | Not required |
| Honor GPC browser signals | Recommended |
| Universal opt-out mechanism | Not required |
| Sensitive data opt-in consent | Required |
Required Links & Notices
The TIPA requires the following links or notices to be visible on your website:
- 1Privacy Policy
Enforcement & Penalties
Key Things to Know
Tennessee has the highest consumer threshold of any state privacy law — 175,000 consumers — combined with a $25M revenue requirement. This significantly limits the law's scope to larger businesses.
Affirmative defense: Tennessee is unique in offering an affirmative defense for businesses that maintain a written privacy program that reasonably conforms to the NIST Privacy Framework. This is the only state law with such a provision.
High thresholds: The combined $25M revenue AND 175K consumer threshold means most small and mid-sized businesses in Tennessee are exempt.
How to Configure LegalBanner for TIPA
- 1
Create your site
Sign up for free and add your website domain in the dashboard.
- 2
Set consent mode to "Opt-out"
In Settings, select the consent mode that matches Tennessee's requirements.
- 3
Install the snippet
Add the one-line script tag to your website. The banner, opt-out links, and GPC support are automatic.
- 4
Generate your Privacy Policy
Use the built-in policy wizard to generate a TIPA-compliant privacy policy.
Set up TIPA compliance in 5 minutes
LegalBanner handles Tennessee privacy requirements automatically — cookie banner, opt-out links, and GPC support included.
Frequently Asked Questions
When does the Tennessee TIPA take effect?
The TIPA takes effect July 1, 2025.
What makes Tennessee's thresholds unique?
Tennessee has the highest consumer threshold (175,000) among all state privacy laws, combined with a $25M annual revenue requirement. This means fewer businesses are covered compared to other states.
What is the NIST Privacy Framework affirmative defense?
Tennessee uniquely allows businesses to use compliance with the NIST Privacy Framework as an affirmative defense against violations. No other state provides this defense.
Does Tennessee require honoring GPC signals?
No. Tennessee does not require businesses to honor GPC or universal opt-out mechanisms.
What are the penalties for TIPA violations?
Up to $7,500 per violation. The 60-day cure period is permanent (no sunset). The NIST affirmative defense can protect compliant businesses.