From Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C., posted on National Review:
Texas has joined the growing list of states enacting comprehensive consumer data privacy laws. On June 18, 2023, Governor Abbott (R) signed H.B.4, otherwise known as the Texas Data Privacy and Security Act (“TDPSA”). The TDPSA is another close cousin of the business-friendly Virginia statute, though Texas takes a different approach with applicability thresholds and gets tougher with regards to high-risk processing activities and consent requirements for using sensitive data. The compliance patchwork continues…
Just a few weeks before the TDPSA became law, the state also tightened the screws on its data breach notification requirements in order to require covered entities to report data breaches to the Texas Attorney General within 30 days (rather than 60 days) of discovering a breach. The amendment to Texas’ data breach notification law (Tex. Bus. & Com. Code Ann. §§ 521.002 and 521.053) takes effect on September 1, 2023 and will also require that reporters of breaches use an electronic form available on the AG’s website.