On 11 May 2023, the Tennessee Information Protection Act (HB 1181/SB 73) was signed into law by the Tennessee Governor. The Act applies to business entities active in the state that, annually, either control or process personal information of at least 100'000 consumers or control or process personal information of at least 25'000 consumers and derive more than 50% of gross revenue from the sale of personal information. Under the Act, data controllers are required to implement cybersecurity measures to safeguard the confidentiality, integrity, and accessibility of personal information. The Act will enter into force on 1 July 2024.
Original source