Mandatory Timeframe for Breach Reporting and/or Consumer Notification
As Quickly as Possible
Laws related specifically to personal information
Breach Reporting & Consumer Notification
Protect personal information
Program for Protection/Security
Third Party: Specific Obligations
Third Party: Mandated Contracts
Requests for Information
Fines & Penalties
Violations of Breach and Notification Laws
$2,000 up to $50,000
Third Party Management
None to minimal
Notification to affected residents may only be given by specific methods.
Breach reporting to each consumer reporting agency that maintains files on consumers on a nationwide basis is required if more than 10,000 consumer notifications are sent, without reasonable delay.
Texas specifies the meaning of personal information and sensitive personal information.
A business must implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect from unlawful use or disclosure any sensitive personal information collected or maintained by the business.
Texas law has heavy penalties for violations of the laws involving protection of personal information and breach notification, including, but not limited to:
Civil penalties from $2,000 to $50,000 per violation
$100 for each individual that was due a notification (up to $250,000)
Permanent or temporary injunctions
Equitable relief as granted by a court
Reimbursement of expenses to the state attorney general
If a vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notifications.
If the breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
TX Business and Commerce Code §§ 521.001 – 521.002 Identity Theft Enforcement and Protection Act
TX Business and Commerce Code § 521.051 Unauthorized use or possession of personal identifying information
TX Business and Commerce Code § 521.052 Business duty to protect sensitive personal information
TX Business and Commerce Code § 521.053 Notification required following breach of security of computerized data
TX Business and Commerce Code § 521.151 Civil Penalty; Injunction
TX Business and Commerce Code §§ 72.001 – 72.004 Disposal of Certain Business Records