ARTICLE
8 August 2025

Data Privacy Enforcement In Texas Is Under Way—Is Your Business Ready?

FH
Finnegan, Henderson, Farabow, Garrett & Dunner, LLP

Contributor

Finnegan, Henderson, Farabow, Garrett & Dunner, LLP is a law firm dedicated to advancing ideas, discoveries, and innovations that drive businesses around the world. From offices in the United States, Europe, and Asia, Finnegan works with leading innovators to protect, advocate, and leverage their most important intellectual property (IP) assets.
Escalated Enforcement Under TDPSA: Since the Texas Data Privacy and Security Act took effect in 2024, the Texas Attorney General has aggressively enforced a broad suite of privacy laws...
United States Texas Privacy
  1. Escalated Enforcement Under TDPSA: Since the Texas Data Privacy and Security Act took effect in 2024, the Texas Attorney General has aggressively enforced a broad suite of privacy laws, targeting companies across industries with investigations, penalties, and long-term oversight.
  2. Widespread Business Impact: Enforcement actions have already affected over 100 companies, including automakers and tech startups, for alleged violations ranging from unauthorized data sales to deceptive marketing, signaling that no entity or industry is exempt from scrutiny.
  3. Urgent Compliance Imperative: Businesses collecting data from Texas residents must immediately audit data practices, update privacy policies, obtain proper consent, and implement robust opt-out mechanisms to mitigate legal and reputational risk.

Since the Texas Data Privacy and Security Act (TDPSA) took effect in 2024, privacy enforcement in the Lone Star State has escalated rapidly and aggressively. The Texas Attorney General's office is now pursuing alleged violations with a level of intensity we haven't seen before. The office launched a data privacy and security initiative designed to enforce the suite of Texas privacy laws, including the Data Privacy and Security Act, the Identity Theft Enforcement and Protection Act, the Data Broker Law, the Biometric Identifier Act, the Deceptive Trade Practices Act, as well as the federal Children's Online Privacy Protection Act and the Health Insurance Portability Protection Act.1 From social media platforms to insurers, automakers, and early-stage startups, businesses are facing sweeping investigations, crushing penalties, and long-term court oversight.

If you're collecting data from Texas residents, even indirectly, you are now part of the risk landscape. This isn't a warning. It's already happening. So, ask yourself: is your business ready?

Who's Already Been Hit?

  • Multiple car manufacturers are under a sweeping investigation for allegedly violating the Deceptive Trade Practices–Consumer Protection Act by secretly collecting and selling drivers' data without consent.2
  • 100+ companies received warning letters for allegedly violating Texas's new Data Broker Law by failing to register.3
  • Pieces Technologies, a Dallas AI healthcare firm, agreed to a first-of-its-kind settlement after allegedly promoting its products with false claims. It's now under a strict five-year compliance order.4

The message couldn't be clearer: enforcement is broad, aggressive, and expanding fast. No one is too big—or too small—to escape scrutiny. If your privacy practices aren't airtight, you could be next.

What You Can Do Right Now

Audit Your Data Practices Now.

Know exactly what data you collect, how it's stored, who can access it, and whether it's being shared or sold.

Update Your Privacy Policies and Disclosures.

Regularly review and revise your privacy notices to ensure they accurately reflect how you collect, use, and share data.

Obtain Consent.

Ensure you obtain clear, informed, and affirmative consent from consumers when collecting sensitive data.

Effectively Manage Opt-Out Requests.

Implement robust systems and processes to honor consumer opt-outs. Ensure preferences are promptly respected and integrated into your data practices.

Footnotes

1 Attorney General Ken Paxton Launches Data Privacy and Security Initiative to Protect Texans' Sensitive Data from Illegal Exploitation by Tech, AI, and Other Companies, TEX. ATT'Y GEN., June 4, 2024, https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-launches-data-privacy-and-security-initiative-protect-texans-sensitive.

2 Attorney General Ken Paxton Opens Investigation into Car Manufacturers' Collection and Sale of Drivers' Data, TEX. ATT'Y GEN., June 6, 2024, https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-opens-investigation-car-manufacturers-collection-and-sale-drivers-data.

3 Attorney General Ken Paxton Notifies Over 100 Companies of their Apparent Failure to Comply with the Texas Data Broker Law that Protects Consumer Privacy, TEX. ATT'Y GEN., June 18, 2024, https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-notifies-over-100-companies-their-apparent-failure-comply-texas-data.

4 Attorney General Ken Paxton Reaches Settlement in First-of-its-Kind Healthcare Generative AI Investigation, TEX. ATT'Y GEN., Sept. 18, 2024, https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-reaches-settlement-first-its-kind-healthcare-generative-ai-investigation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More