A Moment of Privacy

more+
less-

[author: Kristen J Mathews]

And now for the question:

Q: Did you know there are breach notification obligations in all 50 states, even though only 46 states have adopted them? How could that be, you ask? Because Texas said so. (Does that surprise you?)

A: Texas recently amended its breach notification law so that its consumer notification obligations apply not only to residents of Texas, but to any individual whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Texas’s amended law (H.B. 300) specifically requires notification of data breaches to residents of states that have not enacted their own law requiring such notification (that is, Alabama, Kentucky, New Mexico and South Dakota).

The law only applies to persons who “conduct business in” Texas, although the law does not elaborate on what that might include.

The amended law also increases the penalties for a failure to notify consumers of a data breach from a maximum of $50,000 (under the old law) to $100 per individual per day of failed or delayed notification, not to exceed $250,000 for a single breach.

What does this mean for entities that have suffered a data breach? Many companies that suffer nationwide data breaches already elect to notify individuals who reside in states that do not have breach notification laws, simply to avoid negative public relations scrutiny for not doing so. However, for companies that conduct business in Texas, there could now be a price tag of up to $250,000 for not notifying non-Texas residents whose sensitive personal information was subject to a data breach.

Texas’s new law will become effective September 1, 2012. For more information about this new law, see our blog.

Texas’s H.B. 300 also amends Texas’s Health and Safety Code to impose privacy and data security requirements that go beyond HIPAA. We will blog about these amendments separately.

Have a question? Email Kristen J. Mathews at kmathews@proskauer.com.

Published In: Administrative Agency Updates, General Business Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Proskauer Rose LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »