Texas Consumer Privacy Law is on the verge of being signed by the Governor.
Let’s look at some of the most important highlights of this upcoming law:
Who’s Covered?
The TDPSA applies to any individual or business that processes or sells personal data and operates in Texas or provides goods or services to Texas residents. Unlike other state laws, the TDPSA does not rely on revenue thresholds.
Defining Consumers:
Texas residents acting in a personal context, excluding employees and business-to-business contacts, are defined as consumers under the law.
Understanding Personal Data:
Personal data includes any information that can be linked or linked to an identifiable individual, including pseudonymous data when combined with identifying information.
Enforcement:
The Texas Attorney General is the sole authority for enforcement, with fines of up to $7,500 per violation. There is no private right of action, and businesses are given a 30-day notice period to address any violations.
Exemptions:
Entities covered by federal laws such as HIPAA and GLBA, as well as financial institutions, government entities, and nonprofit organizations, are exempt from the TDPSA.
Key Obligations:
Controllers must limit data processing, implement safeguards, refrain from discrimination, and gain clear consent for sensitive data processing.
Consumer Rights:
Texas consumers are granted access, correction, deletion, and opt-out rights regarding their personal data, as well as appeal and data portability rights.
Sensitive Data:
Sensitive data includes various categories of personal information, and its collection and processing require the explicit consent of the consumer.
Handling Consumer Inquiries:
Controllers must respond to consumer data requests within 45 days, with a 45-day extension available, and provide a method of contacting the attorney general if an appeal is denied.
Data Protection Impact Assessments:
Controllers must perform impact assessments prior to specific processing activities, focusing on potential harms and mitigations.
Effective Date:
On March 1, 2024, the TDPSA will take effect.
Stay tuned as Texas moves to the forefront of consumer privacy protection, ensuring that individuals have greater control over their personal information in an increasingly digital world.