Understanding the Texas Data Privacy and Security Act: A New Era for Privacy in the Lone Star State

Compliance Hub

Jun 21, 2023 — 2 min read

The digital landscape is continuously evolving, and with it, the need for robust data privacy laws. In response to this growing necessity, Texas has recently joined the ranks of states with comprehensive data privacy laws. The Texas Data Privacy and Security Act (TDPSA), signed into law by Governor Greg Abbott, is set to reshape the way businesses handle personal data in the Lone Star State.

Who Does the TDPSA Apply To?

The TDPSA applies to any entity that (1) conducts business in Texas or produces a product or service consumed by residents of Texas; (2) processes or engages in the sale of personal data; and (3) is not a small business as defined by the US Small Business Administration. The law defines a small business as one with fewer than 500 employees. The TDPSA is set to go into effect on July 1, 2024.

Consumer Rights Under the TDPSA

The TDPSA grants consumers several rights, similar to those found in other comprehensive data privacy laws. These include:

The right to confirm whether a controller is processing the consumer’s personal data and to access that data.
The right to correct inaccuracies in their personal data.
The right to delete their personal data.
The right to obtain a copy of their data in a digital format.
The right to opt out of processing for purposes of targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

Controller Obligations

Controllers, as defined by the TDPSA, have several obligations. They must limit the collection of personal data to what is adequate, relevant, and reasonably necessary in relation to the purpose for which that personal data is processed. They must also establish, implement, and maintain reasonable administrative, technical, and physical data security practices. Controllers are required to perform data protection assessments in certain circumstances and must publish a privacy notice that meets specified requirements.

Unique Provisions of the TDPSA

The TDPSA has several unique provisions that set it apart from other data privacy laws. These include a requirement to post prescribed notices regarding the sale of sensitive personal data and biometric personal data. There is also a thirty-day cure period that requires more from the alleged violator than a statement that the alleged violation has been cured. Additionally, the TDPSA prohibits the sale of personal data by small businesses without the prior consent of the consumers.

Preparing for the TDPSA

With the TDPSA set to go into effect in 2024, businesses should begin assessing whether the law applies to them and understanding the personal data they collect. This includes how the data is used, shared, disclosed, and sold. With this information in hand, businesses can start taking steps to comply with the TDPSA.

The enactment of the TDPSA marks a significant step in Texas's journey towards robust data privacy. As the law takes effect, businesses operating in Texas will need to adapt to these new regulations, ensuring they are in compliance and protecting the personal data of their consumers.

NCA Leads International Operation to Degrade Illegal Versions of Cobalt Strike

Introduction The National Crime Agency (NCA) has spearheaded an extensive international operation aimed at dismantling the illegal use of Cobalt Strike, a legitimate cybersecurity tool often misused by cybercriminals. This operation, involving cooperation with multiple law enforcement agencies worldwide, represents a significant step in the fight against cybercrime. This article

Tutorial: Staying Ahead of Website Best Practices to Avoid Lawsuits

Introduction In the rapidly evolving digital landscape, adhering to best practices for website management is crucial to avoid legal pitfalls. This tutorial outlines the steps businesses can take to ensure compliance with global privacy regulations and protect themselves from potential lawsuits. Step 1: Understand Relevant Regulations Key Regulations to Consider:

Legislation and Compliance: Updates on New Laws and Regulations Affecting IoT Security

As the Internet of Things (IoT) continues to expand, governments and regulatory bodies worldwide are increasingly focusing on enhancing security standards to protect users and infrastructure. This article provides an in-depth overview of recent legislative updates and compliance requirements affecting IoT security. Emerging IoT Threats in 2024: A Comprehensive UpdateThe

In-Depth Synopsis: Global Adoption of Cybersecurity, Data Privacy, and AI Regulations in 2024

Introduction The landscape of cybersecurity, data privacy, and AI regulation has been rapidly evolving to address the growing complexity and frequency of cyber threats, the expanding volume of personal data being processed, and the transformative impacts of artificial intelligence. In 2024, significant advancements and adaptations have been made worldwide to

Read more

NCA Leads International Operation to Degrade Illegal Versions of Cobalt Strike

Tutorial: Staying Ahead of Website Best Practices to Avoid Lawsuits

Legislation and Compliance: Updates on New Laws and Regulations Affecting IoT Security

In-Depth Synopsis: Global Adoption of Cybersecurity, Data Privacy, and AI Regulations in 2024