Tennessee and Minnesota Set to Reshape Business Data Practices on July 1, 2025

As the calendar turns to July, businesses across the United States will need to be aware of a new wave of state-level data privacy regulations coming into effect. Specifically, Tennessee and Minnesota are set to launch their own comprehensive privacy laws, signaling a continuing trend of states taking the lead in the absence of a federal privacy standard. These new laws will impose fresh obligations on how businesses collect, use, and protect consumer data.
Tennessee Information Protection Act (TIPA)
Effective July 1, 2025, the Tennessee Information Protection Act (TIPA) will grant consumers a host of new rights over their personal information. Modeled after Virginia’s privacy law, TIPA is considered to be a more business-friendly piece of legislation.
Who it applies to: TIPA will apply to businesses that operate in Tennessee or produce products or services targeted to Tennessee residents and that either:
- Control or process the personal information of at least 175,000 consumers.
- Control or process the personal information of at least 25,000 consumers and derive more than 50 percent of their gross revenue from the sale of personal information.
Key Requirements:
- Consumer Rights: Tennessee residents will have the right to access, correct, delete, and obtain a copy of their personal data, as well as the right to opt out of the sale of their data, targeted advertising, and certain types of profiling.
- Opt-In for Sensitive Data: Businesses must obtain opt-in consent from consumers before processing their sensitive data, which includes information about racial or ethnic origin, religious beliefs, health diagnoses, and precise geolocation data.
- Data Protection Assessments: Companies will be required to conduct and document data protection assessments for high-risk data processing activities, such as targeted advertising and the sale of personal data.
- Right to Cure: The law provides a 60-day window for businesses to rectify any violations before the Attorney General can take action.
Minnesota Consumer Data Privacy Act (MCDPA)
Following shortly after Tennessee, the Minnesota Consumer Data Privacy Act (MCDPA) will become effective on July 31, 2025. This law also grants consumers a range of rights over their personal data.
Who it applies to: The MCDPA has a broader scope and will apply to businesses that conduct business in Minnesota or produce products or services targeted to Minnesota residents and either:
- Control or process the personal data of at least 100,000 consumers.
- Derive over 25 percent of their gross revenue from the sale of personal data and process the personal data of at least 25,000 consumers.
Key Requirements:
- Expanded Consumer Rights: As under other state privacy laws, Minnesotans will have the right to access, correct, delete, and obtain a copy of their personal data. They will also have the right to opt out of the sale of personal data, targeted advertising, and profiling.
- Broader Definition of Sale: The MCDPA defines a “sale” of personal data more broadly than some other state laws, encompassing the exchange of personal data for monetary or “other valuable consideration.”
- Universal Opt-Out: The law requires businesses to recognize universal opt-out mechanisms, allowing consumers to easily opt out of the sale of their data and targeted advertising across different websites.
- Cure Period: The MCDPA includes a 30-day cure period for violations, which will expire on January 31, 2026.
The Bigger Picture and Next Steps for Businesses
The implementation of TIPA and MCDPA underscores a significant and ongoing trend of states creating a patchwork of privacy regulations. For businesses, this means that a one-size-fits-all approach to data privacy is no longer viable.
To prepare for these new laws and the evolving privacy landscape, businesses should:
- Conduct Data Mapping: Understand what personal information is being collected, where it is stored, and for what purpose.
- Review and Update Privacy Policies: Ensure that privacy notices are clear, comprehensive, and accurately reflect data processing activities.
- Implement Consumer Rights Workflows: Establish procedures to efficiently receive, verify, and respond to consumer requests.
- Assess Data Security Practices: Strengthen data security measures to protect consumer information from unauthorized access and breaches.
- Stay Informed: Keep abreast of new and pending privacy legislation in all states where you conduct business.
As July 1, 2025, approaches, proactive compliance will be key for businesses to not only meet their legal obligations but also to build and maintain trust with their customers in an increasingly privacy-conscious world.
Conversation with Gemini
Write me a short, relatable and humor blog post for my website on this topic “Top Cybersecurity Tips for Small Businesses”
Stop Treating Your Business’s Cybersecurity Like a Potluck Dinner
Let’s be honest, as a small business owner, you wear more hats than a chameleon in a hat store. You’re the CEO, the marketing guru, the head of HR, and, most likely, the unofficial IT department. And when it comes to cybersecurity, the temptation is to treat it like a potluck dinner – you bring a dish (a strong password here), hope everyone else does too (please, oh please, don’t click on that weird email), and pray for the best.
But here’s the thing: cybercriminals are a lot like that one relative who always brings a questionable Jell-O salad to the potluck. They’re looking for an easy opening, and if your digital door is unlocked, they’re waltzing in and heading straight for the good stuff.
The good news? You don’t need a degree in computer science or a secret underground bunker to protect your business. Here are a few top-tier cybersecurity tips that are more common sense than super-spy gadgetry.
1. Your Passwords Are Not Your Pet’s Name (Sorry, Fido)
We get it. “Fluffy123” is easy to remember. So is “123456.” You know who else finds them easy to remember? Hackers. Using a weak password is like leaving your front door wide open with a giant, neon “Welcome!” sign flashing above it.
The Fix: Think of your password as a secret handshake. It should be long, a little weird, and something only you (and maybe a trusted password manager) would know. String together a few random words, add in some numbers and a symbol or two, and you’ve got a bouncer for your digital nightclub. And for the love of all that is holy, use different passwords for different accounts. You wouldn’t use the same key for your house, your car, and your secret cookie stash, would you?
2. That Suspicious Email? Don’t Take the Bait.
You’ve seen them. The email from a “prince” who needs your help, the urgent message from your “bank” asking you to verify your account by clicking a link that looks like it was created by a cat walking across a keyboard. This is called phishing, and it’s less like fishing and more like a cyber-crook dangling a juicy worm with a very sharp hook inside.
The Fix: Treat every unsolicited email with the skepticism of a teenager being asked to clean their room. If an email seems even a little bit off, it probably is. Don’t click on strange links or download attachments from unknown senders. If it’s from a company you know, go to their website directly instead of clicking the link in the email. It’s the digital equivalent of looking through the peephole before you open the door.
3. Update Your Software. No, Really.
We’ve all done it. The little notification pops up telling you it’s time to update your software, and you click “remind me tomorrow” for the next two weeks. Those updates might seem like a nag, but they often contain vital security patches. Ignoring them is like knowing there’s a hole in your roof and just putting a bucket under it. Eventually, you’re going to have a bad time.
The Fix: Just do it. When you see that update notification, take a deep breath and click “install.” It usually only takes a few minutes, and it’s one of the easiest ways to keep the digital bad guys at bay. Think of it as a free and easy upgrade to your business’s armor.
4. Back It Up, Buttercup!
Imagine this: you walk into your office one morning, and all your files are gone. Poof. Vanished. It’s a nightmare scenario that can be caused by anything from a ransomware attack to a spilled latte.
The Fix: Back up your data regularly. Whether you use a cloud service or an external hard drive, having a recent copy of your important files is your ultimate safety net. It’s the difference between a minor inconvenience and a full-blown business catastrophe.
Protecting your small business from cyber threats doesn’t have to be a daunting, wallet-draining endeavor. By implementing these simple, common-sense practices, you can significantly reduce your risk and get back to doing what you do best – running your awesome business. So, ditch the potluck approach to cybersecurity and start building a digital fortress. Your future self will thank you.
Please add 5 sources for further reading
Of course! Here is the updated blog post with a new section for further reading.
For Further Reading
Want to dive a little deeper? These resources offer fantastic, no-nonsense advice specifically for small businesses.
- U.S. Small Business Administration (SBA) – Cybersecurity for Small Businesses: A great starting point from the SBA, offering articles, assessments, and clear, actionable steps to manage cybersecurity risks.
- Federal Trade Commission (FTC) – Cybersecurity for Small Business: The FTC provides a wealth of information, including case studies, scam alerts, and guidance on securing your network, training employees, and creating a response plan.
- Cybersecurity & Infrastructure Security Agency (CISA) – Cyber Essentials: CISA, a part of the Department of Homeland Security, has boiled down cybersecurity into a “Cyber Essentials” toolkit. It’s a straightforward guide to building a culture of cyber readiness.
- NIST Small Business Cybersecurity Corner: From the National Institute of Standards and Technology, this resource provides access to the world-renowned NIST Cybersecurity Framework, but tailored for small businesses with guides, videos, and success stories.
- Center for Internet Security (CIS) – Controls and Benchmarks: For those wanting to get a bit more technical, CIS offers a prioritized set of “Critical Security Controls” that provide a clear roadmap for defense. Their benchmarks offer secure configuration guidelines for a variety of software and systems.
For Further Reading
Want to dive a little deeper? These resources offer a wealth of information and are specifically designed for small businesses.
- U.S. Small Business Administration (SBA) – Cybersecurity: The SBA provides straightforward, actionable advice on identifying and protecting against common cyber threats, making it a great starting point.
- Federal Trade Commission (FTC) – Cybersecurity for Small Business: The FTC offers a robust collection of resources, including articles, videos, and quizzes on specific topics like ransomware, phishing, and vendor security.
- Cybersecurity & Infrastructure Security Agency (CISA) – Cyber Guidance for Small Businesses: As the nation’s cyber defense agency, CISA provides free tools, services, and guidance to help small businesses build resilience and protect their digital assets.
- National Institute of Standards and Technology (NIST) – Small Business Cybersecurity Corner: For those ready to get more structured, NIST offers resources to help you understand and apply its world-renowned Cybersecurity Framework, scaled for the needs of a small business.
- Global Cyber Alliance (GCA) – Cybersecurity Toolkit for Small Business: The GCA provides a free, practical toolkit with a set of easy-to-use tools and resources designed to help small businesses immediately improve their cybersecurity posture without a heavy financial investment.
Provide me a short 1-page article on privacy best practices for a small california business. Please include any sources at the bottom. Please write from the perspective of ME, a cybersecurity consultant (https://ckcybersecurity.com/).
To Our Fellow California Business Owners,
Navigating the complexities of running a small business is challenging enough without adding the ever-evolving landscape of data privacy into the mix. As your neighbors and cybersecurity partners at CK Cybersecurity, we want to cut through the noise and offer some straightforward, actionable advice to help you protect your business and your customers’ trust. In California, data privacy isn’t just good practice—it’s the law.
Understanding Your Obligations Under California Law
California has been at the forefront of data privacy in the U.S. with the California Consumer Privacy Act (CCPA) and its successor, the California Privacy Rights Act (CPRA). These laws grant Californians significant control over their personal information.
Here’s the gist of what these laws mean for you: If your business collects personal information from California residents—and let’s be honest, nearly every business does—you have specific obligations. You’re on the hook if your business meets one of the following:
- Has annual gross revenues over $25 million.
- Buys, sells, or shares the personal information of 100,000 or more California residents or households.
- Derives 50% or more of your annual revenue from selling or sharing California residents’ personal information.
Even if you don’t meet these thresholds, adopting these best practices is a wise move that builds customer trust and prepares you for future growth.
Practices for Your Business
Here are some fundamental steps you can take to protect the data you handle and comply with California’s privacy laws:
- Know Your Data: You can’t protect what you don’t know you have. Start by creating an inventory of the personal information you collect, where it’s stored, and why you need it. This includes everything from names and email addresses to more sensitive data like geolocation or financial information.
- Practice Data Minimization: Only collect and retain the personal information that is absolutely necessary for your business purposes. The less data you have, the less risk you carry.
- Be Transparent with a Clear Privacy Policy: Your website needs a clear, easy-to-understand privacy policy. This policy should inform your customers about what data you collect, how you use it, and how they can exercise their privacy rights. Under California law, you must update this policy at least every 12 months.
- Empower Your Customers: California law gives consumers the right to know what information you have about them, the right to have it deleted, and the right to opt out of the sale or sharing of their data. Make it easy for your customers to make these requests. This often involves a “Do Not Sell or Share My Personal Information” link on your website.
- Secure Your Data: Implement reasonable security measures to protect the personal information you hold. This doesn’t mean you need a Fort Knox-level security system, but it does mean taking practical steps like using strong passwords, enabling multi-factor authentication, and encrypting sensitive data.
- Train Your Team: Your employees are your first line of defense. Ensure they understand their role in protecting customer data and are trained to recognize and respond to potential threats like phishing emails.
- Have an Incident Response Plan: In the unfortunate event of a data breach, you are required to notify affected California residents. Having a plan in place before a crisis occurs will allow you to respond quickly and effectively, which can mitigate the damage to both your customers and your reputation.
Protecting your customers’ privacy is not just about legal compliance; it’s about building and maintaining the trust that is the bedrock of any successful business.
For Further Reading
- California Consumer Privacy Act (CCPA) – State of California Department of Justice: https://oag.ca.gov/privacy/ccpa
- California Privacy Rights Act (CPRA) – Comerica Bank: https://www.comerica.com/site-tools/resources/california-privacy-rights-act.html
- Data Security Breach Reporting – State of California Department of Justice: https://oag.ca.gov/privacy/databreach/reporting
- A California Business Privacy Handbook – California Office of Privacy Protection: https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/business_privacy_handbook.pdf
- CCPA Compliance: A Guide to California’s Data Privacy Law – Secureframe: https://secureframe.com/blog/ccpa-compliance

