Everything Really Is Bigger in Texas - The Lone Star State Amends Law to Require 50-State Breach Notification


Texas recently enacted House Bill 300 (the Law). Its primary purpose is to add significant privacy requirements to the Texas Medical Records Privacy statute, but lurking among those provisions are amendments to Texas’s breach notification law which, if triggered, purport to require notice in all 50 states.

The Law applies Texas’s breach notification requirements to organizations “conducting business” in the state of Texas. The Law does not define what “conducting business” in Texas means, but a business that maintains a physical presence in Texas or has regular commercial dealings with Texas residents likely will be covered by the Law.

If a covered business suffers a breach, the Law requires that breach notification be given to affected residents of Texas and affected residents of “another state that does not require [breach notification].” If the other state’s law also requires breach notification, then the Texas requirements are deemed satisfied when notice is provided to the other state’s residents in keeping with the other state’s law. If the other state’s law does not require notification, but Texas law applies (i.e., the business operates in the state, etc.) and would require notice, then breach notification will have to be provided to residents of the other state following Texas requirements for notification. The result is that breaches affecting residents of other states will have to be analyzed under both the law of the state where an affected person resides and Texas law to determine if breach notification is required.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:


Poyner Spruill LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.