ARTICLE
9 July 2019

Texas Breach Law Will Change In 2020, To Require Attorney General Notification

SM
Sheppard, Mullin, Richter & Hampton LLP

Contributor

Sheppard, Mullin, Richter & Hampton LLP logo
Businesses turn to Sheppard to deliver sophisticated counsel to help clients move ahead. With more than 1,200 lawyers located in 16 offices worldwide, our client-centered approach is grounded in nearly a century of building enduring relationships on trust and collaboration. Our broad and diversified practices serve global clients—from startups to Fortune 500 companies—at every stage of the business cycle, including high-stakes litigation, complex transactions, sophisticated financings and regulatory issues. With leading edge technologies and innovation behind our team, we pride ourselves on being a strategic partner to our clients.
Explore Firm Details
New requirements to the Texas data breach statute, including a requirement to notify the Texas attorney general of a breach, are set to go into effect January 1, 2020.
United States Privacy
Liisa M. Thomas and Elfin L. Noce
Your Author LinkedIn Connections
Liisa M. Thomas’s articles from Sheppard, Mullin, Richter & Hampton LLP are most popular:
  • with Inhouse Counsel

New requirements to the Texas data breach statute, including a requirement to notify the Texas attorney general of a breach, are set to go into effect January 1, 2020. The legislation, signed by Texas Governor, Greg Abbot, on June 14, 2019, requires that the Texas attorney general be notified of a breach within 60 days. The AG notification is required only if 250 or more Texas residents are affected. The notification to the attorney general must include a description of the breach, number of residents affected, measures taken in response to the breach, measures planned to be taken after notification and whether law enforcement has been engaged with the investigation. The legislation also adds a 60 day timing requirement for notice, from the current "as quickly as possible" standard.

In an unusual step for breach notice laws, the legislation also creates a "Texas Privacy Protection Advisory Council." This Council is tasked with studying both Texas and other privacy laws, both domestic and foreign. Members of the Council will be in-state residents, and are to include someone from a nonprofit organization that looks at privacy from the consumer perspective, as well as a law school professor. The Council is tasked with making recommendations to the legislature in Texas on privacy law changes that "appear necessary from the results of the council's study." This development is interesting in light of the two Texas privacy bills that were recently introduced, the Texas Consumer Privacy Act and the Texas Privacy Protection Act. The Council's findings and recommendations are due September 1, 2020.

Putting it Into Practice: Companies with nationwide breach notice plans should work in the new requirement to notify the Texas attorney general prior to the January 1, 2020 effective date. We will continue to monitor the developments that result from this new Council, in the meantime.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Liisa M. Thomas
Liisa M. Thomas
Photo of Elfin L. Noce
Elfin L. Noce
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More