Heads Up, Businesses: Tennessee and Minnesota’s Data Privacy Laws Take Effect This Summer

Written By Kellie Bubeck

With spring (hopefully) just around the corner, it's already time to start getting ready for the upcoming state privacy laws to take effect.

This summer, Tennessee and Minnesota are rolling out new consumer data privacy laws—the Tennessee Information Protection Act (TIPA) on July 1 and the Minnesota Consumer Data Privacy Act (MCDPA) on July 31. If your business operates in either state or targets their residents, it’s time to get ready. These laws are designed to give consumers more control over their personal data, and businesses need to ensure they’re compliant before they go into effect.

Tennessee

TIPA applies to businesses with $25 million or more in revenue and: (1) during a calendar year, control or process the personal data of at least 175,000 consumers; or (2) control or process personal information of at least 25,000 consumers and derive more than 50 percent of gross revenue from the sale of personal information.

Like other state privacy laws, TIPA gives consumers the right to access, correct, delete, and opt-out of their personal data being sold or used for targeted ads. If your business handles personal data in Tennessee, you’ll need to allow consumers to easily exercise these rights within 45 days. It also requires businesses to be transparent about data collection, provide clear privacy policies, and ensure consumers can opt-out of data sales.

Minnesota

The MCDPA in Minnesota has similar rules and applies to businesses that (1) during a calendar year, control or process the personal data of 100,000 consumers or more, excluding personal data controlled or processed solely for the purpose of completing a payment transaction; or (2) control or process personal information of at least 25,000 consumers and derive more than 25 percent of gross revenue from the sale of personal information.

Both laws require businesses to protect personal data with reasonable security measures, and if you’re not compliant, the state Attorney General can step in with penalties. There’s no private right of action for consumers to sue, but your business could face fines if you mishandle personal data.

It’s time to shake off the winter blues and get your data privacy practices in shape. Review your data collection methods, update those privacy notices, and make sure any third-party contracts are locked down and compliant. You want to be ahead of the game and enjoying the summer, knowing your business is in the clear.

Kellie Bubeck https://www.bubecklaw.com/about
Previous

Definitely, Maybe: Will the FCC Cut Red Tape or Just Talk About It?
Next

Does “Do-Not-Call” Mean Do It Now? Plaintiffs Argue for Faster Opt Outs