On 1 July 2025, the Tennessee Information Protection Act enters into force. The Act applies to business entities active in the state that, annually, either control or process personal information of at least 100'000 consumers or control or process personal information of at least 25'000 consumers and derive more than 50% of gross revenue from the sale of personal information. Under the Act, data controllers are required to implement cybersecurity measures to safeguard the confidentiality, integrity, and accessibility of personal information.
Original source