The Texas Data Privacy and Security Act (TDPSA) took effect on July 1, 2024. This new law is designed to give Texans more control over their personal data, aligning Texas with other states like California and Virginia that have also implemented comprehensive privacy laws.
Key Features of the Texas Data Privacy Law (TDPSA):
Applicability:
The law applies to businesses that “conduct business in [Texas] or produce a product or service consumed by residents of [Texas]” and that collect, use, store, sell, share, analyze, or process consumers’ personal data.
Small businesses (as defined by the federal Small Business Administration) are generally exempt from the Act, except that if a small business sells the sensitive data of a consumer, it must first obtain the consumer’s consent.
Consumer Rights:
Texans will have the right to access, correct, delete, and opt-out of the processing of their personal data.
Consumers will also have the right to data portability, meaning they can request a copy of their data in a portable, easily transferable format.
Sensitive Data:
The TDPSA requires businesses to obtain explicit consent before processing "sensitive data" such as genetic or biometric information, mental or health data, religious beliefs, sexuality, citizenship, immigration status, precise geolocation data, and information about race or ethnicity.
Sensitive data also includes personal data of a child under the age of 13.
Opt-Out Rights:
Consumers can opt-out of the sale of their personal data or targeted advertising.
Data Protection Assessments:
Businesses are required to perform data protection assessments when processing personal data for targeted advertising, selling data, or processing sensitive data.
Enforcement:
Unlike the California law, Texas does not provide a private right of action (meaning individuals cannot sue for violations). Instead, enforcement is handled by the Texas Attorney General, who may issue civil investigative demands, and file enforcement actions to obtain civil penalties, injunctive relief, attorney’s fees, and costs.
Businesses may face fines of up to $7,500 per violation if they fail to comply.
Importance:
The TDPSA is important because it reflects growing concerns about data privacy across the U.S., where consumers are demanding greater protection and control over their personal information. The law also encourages businesses to implement stronger data security practices to prevent breaches and misuse of personal data.
Please contact Shereen El Domeiri (seldomeiri@fultonjeang.com) regarding the Texas Data Privacy Law to ensure that your business is in compliance with this new law.
Comentários