On 10 January 2023, the Tennessee Information Protection Act (Senate Bill 0073), which includes cybersecurity regulation, was introduced in the Tennessee Senate. The Act would apply to business entities active in the state that, on an annual basis, either control or process personal information of at least 100'000 consumers, or control or process personal information of at least 25,000 consumers and derive more than 50% of gross revenue from the sale of personal information. Controllers would be required to implement cybersecurity measures to safeguard the confidentiality, integrity, and accessibility personal information.
Original source