Tag: Data Privacy

Summary of article from  Vinson & Elkins LLP, by Maggie Eller, Briana Falcon, Jeffrey Johnston, Michael Kurzer:

The Texas Data Privacy and Security Act (TDPSA), effective from July 1, 2024, mandates compliance from businesses operating in Texas or providing products/services to Texas residents, excluding small businesses and specific entities like state agencies and nonprofits. It defines consumer rights, responsibilities for data controllers and processors, and includes stringent requirements for handling personal and sensitive data. Sensitive data encompasses information such as race, health diagnoses, and biometric data, while certain healthcare and employment-related data are exempt. Organizations must conduct data protection assessments, update privacy policies, and establish systems for consumer rights compliance. Ensuring data security through administrative, technical, and physical measures is also emphasized.

Summary of article from Faegre Drinker Biddle & Reath LLP, by Bridgette Lehman, William Wright:

The Fourth Circuit Court of Appeals has broadened the interpretation of “unsolicited advertisements” under the TCPA in the case of Family Health Physical Medicine, LLC v. Pulse8, LLC. The court reversed a lower court’s dismissal, ruling that a fax inviting recipients to a free webinar could be considered an advertisement, even without explicitly offering goods or services for sale. This decision, which contrasts with narrower interpretations from other circuits, allows for “implicit marketing” and considers the potential for future promotional contact. As a result, businesses face increased liability and may need to reassess their fax communication strategies to mitigate TCPA risks. The ruling’s implications could influence TCPA litigation strategies beyond the Fourth Circuit.

Summary of article from The National Review, by Elizabeth Rogers:

The Texas Data Privacy and Security Act (TDPSA) is a comprehensive privacy law that applies broadly to individuals and businesses dealing with personal data in Texas. It introduces a strong set of consumer privacy rights, including the rights to access, correct, and delete personal data, and to opt-out of data processing for targeted advertising. The law imposes obligations on data controllers, such as data minimization, nondiscrimination, and the requirement of consent before processing sensitive data. Controllers must also conduct data protection assessments for certain types of processing that pose heightened risks to consumers. The law is enforced by the Attorney General, with civil penalties of up to $7,500 per violation, and businesses are advised to update their privacy policies and procedures to comply with the TDPSA.

Summary of article from Data Protection Report, by By David Kessler, Annmarie Giblin, Joe McClendon, Susan Ross:

The Texas Data Privacy and Security Act (TDPSA), effective from July 1, 2024, applies to companies conducting business in Texas, processing personal data, and not classified as small businesses. Unlike other state laws, TDPSA requires companies to provide an opt-out option for automated profiling that could significantly impact consumers, such as employment opportunities. The Act mandates “controllers” to conduct a data protection assessment for specific uses of personal data, including sensitive data and profiling activities that pose a risk to consumers. The assessment, which must be available to the Texas Attorney General upon request, should balance benefits against potential risks to consumer rights. Only the Attorney General can enforce the TDPSA, and violations can result in civil penalties up to $7,500 per violation.