State Breach Law

Texas Data Breach Notification Law

Tex. Bus. & Com. Code § 521.053 • Effective 2009-09-01

If your business has a data breach affecting Texas residents, you need to notify them "as quickly as possible" - Texas law requires it without unnecessary delay. If more than 250 Texans are affected, you must also notify the Attorney General. Texas takes data protection seriously, with fines up to $250,000 per breach.

Notification deadline: As quickly as possible, without unreasonable delay

Enforcement: Texas Attorney General

Overview

Texas requires businesses to notify affected residents "as quickly as possible" after discovering a breach involving sensitive personal information. The state also requires businesses to implement reasonable security measures.

Who Must Be Notified

  • Affected Texas residents
  • Texas Attorney General (if 250+ residents affected)

Covered Data Types

Social Security number, Driver's license or government ID number, Financial account number with access code, Credit/debit card number, Health information, Biometric data

Notification Requirements

  • Written or electronic notice to affected individuals
  • Include description of breach and types of data involved
  • Provide contact information for the business
  • Provide contact information for credit reporting agencies
  • If 250+ affected, notify TX AG within 60 days
  • Substitute notice allowed if cost exceeds $250,000 or 500,000+ affected

Is your business exposed?

Exemptions

  • Encrypted data (if key not compromised)
  • Data already publicly available
  • Entities regulated by HIPAA, GLBA (but notification required)

Penalties

Civil penalties: $2,000-$50,000 per violation. AG can seek injunction and recover investigation costs. Maximum penalty of $250,000 per breach.

If You Experience a Breach

  1. 1.

    Document your data security procedures (required)

  2. 2.

    Prepare breach notification templates

  3. 3.

    Know how to report to TX Attorney General

    TX AG Data Breach Report

  4. 4.

    Implement "reasonable" security measures for personal data

  5. 5.

    Train employees on breach identification and reporting

  6. 6.

    Ensure proper disposal of records containing personal information

Official Source

https://www.texasattorneygeneral.gov/consumer-protection/data-breach-reporting

Other State Breach Laws

New York, Texas, Florida

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices