Who is affected by Texas data privacy laws?
While remedies for violations differ, depending on the state law, they often include fines, injunctive relief, and other equitable remedies.
What’s the difference between privacy policies and privacy notices?
Texas state privacy laws
These laws include:
- Texas Privacy Act: This 2019 law made changes to earlier data breach notification laws. Companies now must provide notice of data breaches affecting individual consumers, within 60 days of the breach. If the data breach affects 250 or more people, the company must notify the Texas Attorney General’s office. Finally, the Act created the Privacy Protection Advisory Council, which advises on potential changes to existing privacy laws.
- Biometric Privacy Law: This privacy law prevents anyone from capturing and selling any biometric information without the person’s explicit consent. This includes scanning the iris, fingerprinting, or scanning facial geometry.
- Identity Theft Law: The Identity Theft Law prevents individuals, businesses, and other entities from using anyone’s personal information to receive personal credit, goods, or services. The law requires companies to adopt consumer data protection policies, including procedures to ensure data privacy and security.
- Medical Privacy Act: This state law adds additional protections for medical data, beyond HIPAA requirements. The Medical Privacy Act requires companies to provide electronic health records at a patient’s request. Companies must obtain the patient’s authorization to disclose any health-related information. The act also requires employees to undergo related training, and sets requirements to notify consumers of any data breaches.
- Student Privacy Act: The Student Privacy Act prevents the sale of student personal data. Companies may not create ads for students based on data shared by educational institutions or suppliers. It also prevents universities and other entities from sharing student data.
- Texas Cybercrime Act: This law makes it a criminal offense to engage in DoS (denial of service) attacks, ransomware facilities, or intentional data alteration. While most businesses will not need to worry about compliance, it’s designed to provide additional protection for consumers.
Our software pairs technology with real legal expertise, so you’ll get a compliant policy and notice in record time. Simply answer a series of questions, download the generated document, and have your lawyer review. It’s the easiest way to ensure compliance and avoid incurring hefty penalties.