Press "Enter" to skip to content

Texas Enacts Amendments to Data Breach Notification Law; Creates Privacy Protection Advisory Council

Published July 16, 2019 by Eric Rosenkoetter

On June 14, Texas Gov. Greg Abbott signed into law House Bill 4390 which amends the notification requirements of Texas’ data breach law and creates an advisory council to study data privacy laws generally.  The provisions become effective Jan. 1, 2020.

Currently, a person conducting business in Texas who “owns or licenses computerized data that includes sensitive data” must disclose the breach to any affected individual “as quickly as possible.”  Tex. Bus. & Com. Code § 521.053(b).

The amendments will require the disclosure “be made without unreasonable delay and in each case not later than the 60th day after the date on which the person determines that the breach occurred,” unless instructed otherwise by law enforcement.

Additionally, if the breach involves at least 200 Texas residents, the attorney general must receive notification within the same time frame that describes:

  1. the nature and circumstances of the breach;
  2. the number of residents affected;
  3. the measures taken prior to notification;
  4. the measures intended to be taken following notification; and
  5. law enforcement involvement, if any.

The Texas Privacy Protection Advisory Council will study privacy laws in Texas and other states and countries and make recommendations to the legislature.  The council will be comprised of 15 members with an equal number appointed by the Texas speaker of the house, lieutenant governor and governor.  Seven of the members must be from one of 13 specified industries.

Print Friendly, PDF & Email

Eric Rosenkoetter is a principal at Maurice Wutscher LLP, and is focused on advising clients with respect to federal and state consumer financial protection laws and data privacy and security, and he is a Certified Information Privacy Professional though the International Association of Privacy Professionals. He also brings to the table experience as a litigator, chief compliance and ethics officer, director of legislative affairs, federal lobbyist, and administrative hearings officer. Eric earned his Juris Doctor from Washington University School of Law, and his Bachelor of Business Administration from Southern Methodist University. He is a member of the International Association of Privacy Professionals, the Receivables Management Association International (RMAI), and ACA International. He is admitted to practice law in Texas and Missouri and in the U.S. District Courts for the Northern, Southern, Eastern, and Western Districts of Texas. For more information, see https://mauricewutscher.com/attorneys/eric-rosenkoetter/

Published in Compliance Management, Data Privacy and Security and State & Local Regulation

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.