Texas law sets new data security rules for businesses, expands privacy protections

Cora Neas
·2 min read

AUSTIN (KXAN) — Texas businesses will need to be more careful with how they handle consumer data or face fines under a law that takes effect in July.

The Texas Data Privacy and Security Act (TDPSA) was passed during the 2023 regular legislative session. It allows Texas residents to ask for their data, as well as what is being done with that data. It also requires that consumers have a way to opt out of data collection and sales.

Rick Cantu, U.S. country manager for privacy compliance company iubenda, tells KXAN that Texas is one of 19 states to pass a data security law.

“It’s bringing rights to consumers in Texas, and it’s also creating obligations for businesses in Texas,” Cantu said. “This law is essentially giving Texans rights to ask, what information do you have from me?

The law applies to people and businesses that “process or engage in the sale of personal data” in Texas. Businesses defined as small by the U.S. Small Business Administration are mostly exempt from the law, but are prohibited from selling Texas customers’ data without consent.

“The law has very expansive rights that are going to benefit Texans who just don’t want to share their information online, because they don’t know what’s going to happen. They don’t know what databases their information is going to appear on,” Cantu said. “If you choose to go dark, then that’s your right to privacy.”

Texas law requires data breaches to be reported to the AG office. Here’s how you can check

The TDPSA does not apply to state government agencies, higher education institutions, nonprofits, and electric utility and generation companies. Healthcare providers and financial institutions are also exempt from the new law, but are already subject to existing federal laws regarding data security.

Note: The video above is a KXAN file video from Jan. 5 about what to do during a data breach.

“[TDPSA] has certain disclosure requirements that go beyond what most businesses do when they download a free privacy policy template,” Cantu said. “I think those days are over, because you need a fully compliant privacy policy. Beyond that, there are certain obligations — if a consumer in Texas requests information about the data that you have about them, you have to act within certain timeframes.”

The law will be enforced by the Texas Office of the Attorney General, which recently launched a team dedicated to privacy-related consumer complaints.

A Legislative Budget Board analysis claims that Texas will spend around $5.5 million to implement the law, then just under $2 million each subsequent year. This money would fund the OAG to add 12 employees.

“The OAG estimates that enactment of the bill will generate an increased number of inquiries from lawmakers, business and legal communities, privacy advocates, the general public, and the media regarding the implementation and enforcement of this bill,” the analysis said.

Consumers can file complaints to the OAG online. If found in violation of the law, an entity can be fined up to $7,500 per violation.

Copyright 2024 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

For the latest news, weather, sports, and streaming video, head to KXAN Austin.