Texas Sets New Bar With Data Privacy Law
All products recommended by Bizreport are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
In a significant move towards strengthening data privacy, Texas has passed the Texas Data Privacy and Security Act (TDPSA), a comprehensive privacy bill that is set to take effect on July 1, 2024. This groundbreaking legislation is expected to have far-reaching implications for businesses operating in the state and beyond.
The TDPSA is unique in its coverage thresholds, which do not include common monetary stipulations other states adopted and rely instead on a three-factor applicability standard. The law applies to any business that conducts business in Texas or produces products or services consumed by Texas residents, processes consumer personal data, and is not a “small business” as defined by the U.S. Small Business Administration (SBA). This unique approach to determining applicability may result in the TDPSA applying to businesses that are well below the applicability thresholds in other states.
This innovative approach to applicability is a departure from the norm, as most state laws base coverage on how much data a company holds and what kind of revenue data collection, use, and sale generates on an annual basis. The SBA identification is the true outlier among Texas’ coverage standards. The SBA defines a small business as “an independent business having fewer than 500 employees.”This means that many businesses that would not typically be considered “small” may find themselves exempt from the TDPSA’s requirements.
Related Topic: Best Registered Agent Services 2024
Several New Recruitments Added
The law also introduces several new requirements for businesses. For instance, companies planning to sell sensitive and biometric information must provide “reasonably accessible and clear” disclaimers in privacy notices to notify customers that they “may sell” sensitive or biometric data. This requirement is expected to increase transparency and help consumers understand the significance of what is being conveyed.
Another notable feature of the TDPSA is its high bar for enforcing data subject rights. The law provides no private cause of action. If a business refuses to comply with a consumer’s request, the consumer may appeal to the controller, receive written notice and explanation of the action taken in response to the appeal, and inform the Attorney General of any such failure. This process is designed to ensure that businesses are held accountable for their data practices and that consumers have a clear path to recourse if their rights are violated.
Related Topic: Best States To Form An LLC 2024
A 30 Day Cure Period
The TDPSA also includes a 30-day cure period, during which noticed violations can be remedied. However, simply notifying the state attorney general that the violation has been cured will not be sufficient. Businesses will be required to provide the state attorney general a written statement that not only confirms that the alleged violations have been cured, but also states that they have notified the individual that their privacy violation was addressed, provided supportive documentation to show how the privacy violation was cured, and made changes to internal policies, if necessary.
This cure period is a unique feature of the TDPSA and sets a higher standard for businesses than most other state privacy laws. It requires businesses to take tangible steps to remedy violations and to provide evidence of these steps to both the individual affected and the state attorney general. This is expected to ensure that businesses take their data privacy obligations seriously and that violations are not simply swept under the rug.
In conclusion, the Texas Data Privacy and Security Act represents a significant milestone in the ongoing evolution of data privacy legislation in the United States. Its unique approach to determining applicability, its stringent requirements for businesses, and its high bar for enforcing data subject rights set it apart from other state privacy laws and underscore the increasing importance of data privacy in today’s digital age. As the tenth state to enact a comprehensive privacy law, Texas is leading the way in setting new standards for data privacy and security.
Related Topic: Best LLC Services 2024
ABOUT THE AUTHOR
ABOUT THE REVIEWER
+ 5 sources
Bizreport Advisor adheres to strict editorial integrity standards avoids using tertiary references. We have strict sourcing guidelines and rely on peer-reviewed studies, academic research. To ensure the accuracy of articles in Bizreport, you can read more about the editorial process here.
- Texas latest to add comprehensive state privacy law. iapp.org. Accessed June 22, 2023. https://iapp.org/news/a/texas-latest-to-add-comprehensive-state-privacy-law/
- Stella CC Dante A. Texas Passes One of the Strongest Data Privacy Laws in the Nation. The Firewall. Published June 14, 2023. Accessed June 22, 2023. https://www.thefirewall-blog.com/2023/06/texas-passes-one-of-the-strongest-data-privacy-laws-in-the-nation/
- Everything is Bigger in Texas, Including the Reach of its New Consumer Data Privacy Law. www.brookspierce.com. Accessed June 22, 2023. https://www.brookspierce.com/publication-everything-is-bigger-in-texas-including-the-reach-of-its-new-consumer-data-privacy-law
- McKenzie CJC Rachel Ehlers, Jonathan Tam, Helena J. Engfeldt and Brittney Justice © Baker. Texas Legislature Passes Data Privacy and Security Act. SHRM. Published June 9, 2023. Accessed June 22, 2023. https://www.shrm.org/resourcesandtools/legal-and-compliance/state-and-local-updates/pages/texas-consumer-privacy.aspx
- Baker, Agatep HLJP, Vela E, Gordy K, Carpenter CC, Serrato J. Privacy “Deep in the Heart of Texas”: An Overview of the Texas Data Privacy and Security Act. Lexology. Published June 20, 2023. Accessed June 22, 2023. https://www.lexology.com/library/detail.aspx?g=7a55c629-18cf-40c4-902e-8ec41cf55e4d