Everything Really Is Bigger in Texas - The Lone Star State Amends Law to Require 50-State Breach Notification

more+
less-

Texas recently enacted House Bill 300 (the Law). Its primary purpose is to add significant privacy requirements to the Texas Medical Records Privacy statute, but lurking among those provisions are amendments to Texas’s breach notification law which, if triggered, purport to require notice in all 50 states.

The Law applies Texas’s breach notification requirements to organizations “conducting business” in the state of Texas. The Law does not define what “conducting business” in Texas means, but a business that maintains a physical presence in Texas or has regular commercial dealings with Texas residents likely will be covered by the Law.

If a covered business suffers a breach, the Law requires that breach notification be given to affected residents of Texas and affected residents of “another state that does not require [breach notification].” If the other state’s law also requires breach notification, then the Texas requirements are deemed satisfied when notice is provided to the other state’s residents in keeping with the other state’s law. If the other state’s law does not require notification, but Texas law applies (i.e., the business operates in the state, etc.) and would require notice, then breach notification will have to be provided to residents of the other state following Texas requirements for notification. The result is that breaches affecting residents of other states will have to be analyzed under both the law of the state where an affected person resides and Texas law to determine if breach notification is required.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Published In: Administrative Agency Updates, Health Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Poyner Spruill LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »