Tennessee Privacy Law Recognizes CBPR and PRP Certifications

Listen
to
this
post

On
April
21,
2023,
the
Tennessee
legislature

voted
to
enact
the
Tennessee
Information
Privacy
Act
(H.B.
1181)(“TIPA”).
TIPA
includes
a
requirement
for
controllers
and
processors
to
create,
maintain
and
comply
with
a
written
privacy
program
that
reasonably
conforms
to
the
National
Institute
of
Standards
and
Technology
(NIST)
privacy
framework.
Under
TIPA,
the
scale
and
scope
of
a
controller
or
processor’s
privacy
program
is
appropriate
if
it
is
based
on
specific
factors
enumerated
in
the
law.
These
include
(1)
the
size
and
complexity
of
the
controller
or
processor’s
business;
(2)
the
nature
and
scope
of
the
activities
of
the
controller
or
processor;
(3)
the
sensitivity
of
the
personal
information
processed;
(4)
the
cost
and
availability
of
tools
to
improve
privacy
protections
and
data
governance;
and
(5)
compliance
with
a
comparable
state
or
federal
law.

Notably,
the
TIPA
recognizes
a
controller’s
certification
to
the
APEC
Cross-Border
Privacy
Rules
system
(“CBPR”)
and
a
processor’s
certification
to
the
APEC
Privacy
Recognition
for
Processors
system
(“PRP”)
as
additional
factors
to
be
considered
in
determining
whether
the
scale
and
scope
of
a
controller
or
processor’s
privacy
program
is
appropriate.
This
marks
the
first
time
the
CBPR
and
PRP
systems,
to
which
the
U.S.
is
an
active
participating
economy,
have
been
expressly
recognized
in
a
comprehensive
state
privacy
law.

The
TIPA
has
been
sent
to
Tennessee
Governor
Bill
Lee
for
signature.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tennessee Privacy Law Recognizes CBPR and PRP Certifications

About Author

AndyC

Colorado Amends Privacy Act with H.B. 1058, Adding New Protections for Biological and Neural Data

UK ICO and Ofcom Joint Statement on Regulation of Online Services

Maryland Legislature Passes State Privacy Bill with Robust Requirements and Broad Threshold for Application

CIPL Publishes Report on Enabling Beneficial and Safe Uses of Biometric Technology Through Risk-Based Regulations

New Bipartisan Federal Privacy Proposal Unveiled: American Privacy Rights Act

Nebraska Enacts Comprehensive State Privacy Law

ESET APT Activity Report Q4 2023–Q1 2024

How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe

In it to win it! WeLiveSecurity shortlisted for European Security Blogger Awards

What was hot at RSAC 2024? – Week in security with Tony Anscombe

RSAC 2024: AI hype overload

How to inspire future scientists? | Unlocked 403: Cybersecurity podcast

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Friday Squid Blogging: Emotional Support Squid

How to Protect Yourself on Social Networks

Nissan reveals ransomware attack exposed 53,000 workers’ social security numbers

With three zero-days, it’s a patch-now Patch Tuesday for May

About Author

More Stories

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed