On June 14, Texas Gov. Greg Abbott signed into law House Bill 4390 which amends the notification requirements of Texas’ data breach law and creates an advisory council to study data privacy laws generally. The provisions become effective Jan. 1, 2020.
Currently, a person conducting business in Texas who “owns or licenses computerized data that includes sensitive data” must disclose the breach to any affected individual “as quickly as possible.” Tex. Bus. & Com. Code § 521.053(b).
The amendments will require the disclosure “be made without unreasonable delay and in each case not later than the 60th day after the date on which the person determines that the breach occurred,” unless instructed otherwise by law enforcement.
Additionally, if the breach involves at least 200 Texas residents, the attorney general must receive notification within the same time frame that describes:
the nature and circumstances of the breach;
the number of residents affected;
the measures taken prior to notification;
the measures intended to be taken following notification; and
law enforcement involvement, if any.
The Texas Privacy Protection Advisory Council will study privacy laws in Texas and other states and countries and make recommendations to the legislature. The council will be comprised of 15 members with an equal number appointed by the Texas speaker of the house, lieutenant governor and governor. Seven of the members must be from one of 13 specified industries.
Eric Rosenkoetter is a principal at Maurice Wutscher LLP, where he provides counsel to businesses and consumer financial services firms nationwide. For many years, he has focused his practice on various aspects of financial services law. As a litigation attorney, he has conducted every aspect of the litigation process, including countless depositions, motion proceedings, bench and jury trials, and appeals in various courts. In addition, he has significant experience as a compliance and transactional attorney, providing strategic, business growth, legislative, compliance and regulatory advice to national corporations and trade associations. For example, he has drafted consumer contracts and disclosures designed to state-specific statutory requirements, and developed “Best Practices” guides and state-by-state compliance grids, for national financial services companies. He also conducted research and crafted a metrics report for a national trade association with analysis designed to counter the claims of advocacy groups. Eric’s experience also includes working for a national corporation as Executive Counsel, Chief Compliance and Ethics Officer, and Director of Legislative Affairs, and as a federal lobbyist and Director of Government and Public Affairs for a national financial services trade association. In the government sector, Eric presided over approximately 6,000 state administrative hearings, served as a staff attorney for the Missouri Senate, and handled litigation in 33 counties as a regional managing attorney. Eric frequently speaks to audiences on topics relevant to the financial services industry including regulatory compliance, data privacy law and related advocacy initiatives. For more information, see https://mauricewutscher.com/attorneys/eric-rosenkoetter/