Do business in Texas? New rules for data breach!

July 16, 2019  |  Carole Clark Isakson

California enacted the most comprehensive data privacy laws in the US – it goes into effect on January 1, 2020 (see The California Consumer Privacy Act recent blog post). In the meantime, other states are following suit. If you do business with individuals or companies outside Minnesota, make sure you are keeping up to speed with these new laws!

Texas has amended the laws that apply to data breaches, this change applies on January 1, 2020. What is a data breach? Well, it can be slightly different from state to state, which is part of the challenge. In Texas, the law concerns sensitive personal information, which is defined as 1) an individual’s first name or first initial and last name in combination with SSN, driver’s license number or other specific account numbers that could permit access to an account and 2) which information is not encrypted. Disclosure of this information to someone that is not authorized to have it is a security breach, it’s that simple. And what happens then? Give notice to the affected persons within 60 days of discovery, and take other steps required by law (and good business practices).

Texas has joined a growing group of states (roughly 30) that require that in the event of a data breach the state’s attorney general must be notified of the breach – in Texas this applies if the data of more than 250 Texans has been compromised. If the data of more than 10,000 Texans is involved, the entity must notify all the consumer reporting agencies nation-wide
Consult an attorney for all the details, but be quick! The penalties are up to $50,000. For more information about this issue contact the author of this blog Carole Clark Isakson.