What the New Tennessee and Minnesota Data Privacy Laws Mean for Businesses: Key Compliance Steps for July 2025

Overview of the New Laws

In July 2025, two significant data privacy laws will come into effect in the United States: the Tennessee Information Protection Act (TIPA) and the Minnesota Consumer Data Privacy Act (MCDPA). These laws introduce new compliance obligations and unique provisions for businesses operating in or handling data from these states.

The Tennessee Information Protection Act, effective July 1, 2025, mandates that businesses implement robust data protection measures, including enhanced consumer rights and stricter data processing regulations. Meanwhile, the Minnesota Consumer Data Privacy Act, effective July 31, 2025, focuses on consumer consent and transparency, requiring businesses to provide clear privacy notices and obtain explicit consent for data collection and processing.

Who is Affected

These laws apply to a wide range of businesses, particularly those that collect, process, or store personal data of residents in Tennessee and Minnesota. Companies that exceed certain thresholds in terms of revenue or data processing volume will need to comply, regardless of their physical location.

Key Compliance Steps

To ensure compliance with these new laws, businesses should consider the following steps:

  1. Update Privacy Notices: Ensure that privacy policies are transparent and easily accessible, detailing how consumer data is collected, used, and shared.
  2. Revise Data Processing Agreements: Align contracts with third-party vendors to reflect new legal requirements and ensure data protection obligations are met.
  3. Train Staff: Conduct regular training sessions to educate employees about the new laws and their responsibilities in safeguarding consumer data.
  4. Implement Data Protection Measures: Adopt technical and organizational measures to protect personal data against unauthorized access and breaches.

Potential Challenges and Enforcement Risks

Businesses should be aware of potential challenges, such as the complexity of integrating new compliance measures into existing systems and the risk of penalties for non-compliance. Enforcement of these laws will likely involve significant fines and legal actions for businesses that fail to adhere to the new standards.

The introduction of these laws is part of a broader trend towards a patchwork of state-level privacy regulations in the US. This trend poses challenges for national and international businesses, which must navigate varying legal requirements across different jurisdictions. Staying informed and proactive in compliance efforts is crucial for businesses to mitigate risks and maintain consumer trust.