Overview of Tennessee ID scanning laws
Tennessee has 4 laws which we consider relevant to ID verification, in addition to other laws which may related to age verification, identity verification, KYC, privacy, and biometrics.
Can you scan IDs in Tennessee?
Yes. There are no laws prohibiting or regulating the electronic scanning of an ID in Tennessee.
Can you save data from a scanned ID in Tennessee?
Yes. There are no current laws which limit or restrict saving data from a scanned ID in Tennessee.
Does Tennessee offer affirmative defense for ID scanning?
No. Tennessee has no affirmative defense laws related to ID scanning.
What types of IDs does Tennessee issue?
Tennessee issues drivers licenses and state IDs, including REAL ID.
Individual Tennessee ID verification laws
Age verification for alcohol sales
Tennessee requires that businesses verify age but does not require electronic scanning or verification for alcohol sales.
Age verification for tobacco sales
Tennessee requires that businesses verify age but does not require electronic scanning or verification for tobacco sales.
Age verification for pornography
Tennessee requires pornographic websites verify their visitors’ age to ensure they are at least 18 years old.
Age verification for social media
Tennessee requires social media companies to verify the age of new users and obtain parental consent for users under 18.
ID scanning for scrap metal
Scrap metal dealers must verify government-issued ID and record ID data, including name, sex, height, date of birth, address, and ID number, for all sellers. ID scanning can ensure this process is efficient and compliant.
Data privacy laws in Tennessee
The Tennessee Information Protection Act (TIPA) grants consumers the following rights:
- Confirm whether a controller is processing the consumer’s personal information and to access the personal information.
- Correct inaccuracies in the consumer’s personal information, “taking into account the nature of the personal information and the purposes of the processing of the consumer’s personal information.”
- Delete personal information provided by or obtained about the consumer unless it is aggregated or de-identified data.
- Obtain a copy of personal information previously provided to the controller in a portable and readily usable format.
- Opt out of a controller’s processing of personal information for the purposes of selling it to a third party, targeted advertising, or profiling.
Controllers have 45 days to respond. Other requirements for businesses in Tennesse outlined in TIPA include:
- Adhere to data minimization and purpose limitation principals (that is, limiting the collection and processing of personal information to what is adequate, relevant, and reasonably necessary for your intended purpose).
- Establish administrative, technical, and physical data security practices.
- Not process personal information that results in discrimination against consumers or discriminate against a consumer for exercising their rights.
- Not process sensitive data concerning a consumer without obtaining the their consent first. If a controller processes sensitive data concerning a known child, it must be processed in accordance with the Children’s Online Privacy Protection Act (COPPA).
- Respond to consumer rights requests, as outlined above.
- Conduct a data protection assessment for processing personal information for certain risky activities, like targeted advertising, the sale of information, processing sensitive data, and more.
