Texas Revises Notification Requirements under Data Breach Law

Weiner Brodsky Kider PC

Weiner Brodsky Kider PC

Texas recently signed into law House Bill 4390 (HB 4390), which amends the timing requirements for providing data breach notices to impacted individuals, adds a requirement to notify the Texas Attorney General of a breach, and creates a new temporary council to study, develop, and propose recommendations for the Texas legislature on data privacy laws.

Currently, under the Texas Identity Theft Enforcement and Protection Act, in certain contexts, notice must be provided “as quickly as possible” to individuals whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person.  HB 4390 revises this timing requirement to provide that such notification generally must be made “without unreasonable delay,” and in each case must occur by the 60th day after the date on which the breached business determined that its breach occurred.  HB 4390 also adds a requirement to notify the Texas Attorney General, generally within the same timeframe, if the breach affects at least 250 Texas residents.  The notification to the Texas Attorney General must include a description of the breach or use of sensitive personal information acquired as a result of the breach, the number of Texas residents affected, measures taken and that will be taken by the person reporting the incident, and whether law enforcement is engaged in investigating the breach.  

HB 4390 also establishes a new temporary Texas Privacy Protection Advisory Council to study data privacy laws in Texas, other states, and relevant foreign jurisdictions in order to make recommendations to the Texas legislature on specific statutory changes regarding the privacy and protection of certain personally identifiable information.  The Council is required to report its findings and recommendations to the members of the legislature by September 1, 2020.

Although the Council-related provisions go into effect on September 1, 2019, the remainder of HB 4390 (regarding data breach notifications) will take effect on January 1, 2020.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Weiner Brodsky Kider PC | Attorney Advertising

Written by:

Weiner Brodsky Kider PC

Weiner Brodsky Kider PC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.