ARTICLE
24 June 2024

Ten Days Until The Texas Data Privacy And Security Act Goes Live & AG's Office Signals "Aggressive Enforcement"

JL
Jackson Lewis P.C.

Contributor

Focused on employment and labor law since 1958, Jackson Lewis P.C.’s 1,000+ attorneys located in major cities nationwide consistently identify and respond to new ways workplace law intersects business. We help employers develop proactive strategies, strong policies and business-oriented solutions to cultivate high-functioning workforces that are engaged, stable and diverse, and share our clients’ goals to emphasize inclusivity and respect for the contribution of every employee.
With the Texas Data Privacy and Security Act (TDPSA) on the verge of taking effect on July 1, 2024, the State's Attorney General, Ken Paxton, recently launched an initiative...
United States California Texas Privacy

With the Texas Data Privacy and Security Act (TDPSA) on the verge of taking effect on July 1, 2024, the State's Attorney General, Ken Paxton, recently launched an initiative for "aggressive enforcement of Texas privacy laws." As part of the initiative, Paxton has established a team that will focus on the enforcement of Texas' privacy protection laws, including the TDPSA, along with federal laws like the Children's Online Privacy Protection Act (COPPA).

Unlike most of the 15 plus states with comprehensive privacy laws that exclude from their scope organizations that do not meet significant data volume thresholds (e.g., processing data related to at least 100,000 state residents), the TDPSA, with limited exceptions, applies to any organization that conducts business in the state of Texas or produces a product or service consumed by Texas residents. In contrast to the California Consumer Privacy Act (CCPA), the TDPSA excludes Human Resources and Business to Business data. But aside from this exclusion, if an organization processes the personal data of consumers residing in Texas, there is a good chance it will be in scope.

Organizations that have programs in place to comply with the CCPA will have a head start toward compliance with the TDPSA. That said, there are aspects of the TDPSA that differ from or go beyond the CCPA. For instance, the TDPSA requires:

  • the inclusion of specific privacy policy disclosures related to the sale of biometric or sensitive personal data;
  • the collection of consent before processing personal data for previously undisclosed purposes or processing sensitive personal data;
  • data protection assessments in connection with processing sensitive personal data, selling personal data, or using it for targeted advertising;
  • the inclusion of specific provisions in vendor agreements; and
  • a mechanism for consumers to appeal the denial of their requests to exercise their TDPSA rights.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More