A Moment of Privacy


[author: Kristen J Mathews]

And now for the question:

Q: Did you know there are breach notification obligations in all 50 states, even though only 46 states have adopted them? How could that be, you ask? Because Texas said so. (Does that surprise you?)

A: Texas recently amended its breach notification law so that its consumer notification obligations apply not only to residents of Texas, but to any individual whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Texas’s amended law (H.B. 300) specifically requires notification of data breaches to residents of states that have not enacted their own law requiring such notification (that is, Alabama, Kentucky, New Mexico and South Dakota).

The law only applies to persons who “conduct business in” Texas, although the law does not elaborate on what that might include.

The amended law also increases the penalties for a failure to notify consumers of a data breach from a maximum of $50,000 (under the old law) to $100 per individual per day of failed or delayed notification, not to exceed $250,000 for a single breach.

What does this mean for entities that have suffered a data breach? Many companies that suffer nationwide data breaches already elect to notify individuals who reside in states that do not have breach notification laws, simply to avoid negative public relations scrutiny for not doing so. However, for companies that conduct business in Texas, there could now be a price tag of up to $250,000 for not notifying non-Texas residents whose sensitive personal information was subject to a data breach.

Texas’s new law will become effective September 1, 2012. For more information about this new law, see our blog.

Texas’s H.B. 300 also amends Texas’s Health and Safety Code to impose privacy and data security requirements that go beyond HIPAA. We will blog about these amendments separately.

Have a question? Email Kristen J. Mathews at kmathews@proskauer.com.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Proskauer Rose LLP | Attorney Advertising

Written by:


Proskauer Rose LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.