Senate Bill 2100 amends the Tennessee Information Protection Act by expanding the definition of a "controller" to include entities primarily engaged in the commercial sale, licensing, or transfer of personal information, regardless of their direct relationship with individuals. The bill introduces a requirement for controllers to register with the consumer protection division of the attorney general's office by January 31 each year, along with a registration fee that will fund the Information Protection Registry. Additionally, the bill mandates the creation of a webpage by July 1, 2027, which will feature an accessible deletion mechanism for consumers to request the deletion of their personal information.

The bill outlines specific procedures for controllers regarding the deletion of personal information, including a timeline for processing deletion requests and the requirement to maintain security measures to protect consumer data. It establishes a special account within the state general fund, known as the information protection registry fund, to manage the fees collected from registrations and to support the implementation of the bill's provisions. The act is set to take effect on July 1, 2027, ensuring that consumers have enhanced rights and mechanisms to control their personal information.

Statutes affected:
Introduced: 47-18-3302(8), 47-18-3302