Starting July 1, 2024, Texas will enforce the Texas Data Privacy and Security Act (TDPSA), one of the nation’s strongest consumer privacy laws. Texas Attorney General Ken Paxton announced a special task force within the office’s Consumer Protection Division dedicated to enforcing these new laws, promising to take aggressive action against entities exploiting Texans’ sensitive data. This task force will also oversee enforcement of other privacy-related laws, including the state’s Identity Theft Enforcement and Protection Act and federal laws like COPPA and HIPAA.
The TDPSA applies to any entity that processes personal information and conducts business in Texas, with specific exemptions for small businesses and nonprofit organizations. Key provisions of the TDPSA include rights for Texas residents to access, delete, and correct their personal information, opt-out mechanisms for the sale and targeted advertising of personal data, and requirements for obtaining consumer consent for the collection of sensitive data. The law mandates that businesses establish robust data security practices and conduct data protection assessments.
In addition to the TDPSA, Texas will enforce the Capture or Use of Biometric Identifier Act (CUBI), which requires informed consent for collecting biometric data and prohibits its sale or lease. The Texas Attorney General has exclusive enforcement authority and can impose significant penalties for violations. The state’s Data Broker Law, effective from March 1, 2024, requires data brokers to register with the Texas Secretary of State and adhere to strict data security and disclosure requirements.
Texas’ proactive stance on privacy enforcement signifies a growing emphasis on privacy and cybersecurity at the state level. This trend mirrors initiatives in other states like California, which has established a dedicated Privacy Protection Agency. The enhanced regulatory environment in Texas may encourage other states to implement similar privacy enforcement measures, leading to increased scrutiny and compliance requirements for businesses handling consumer data across the United States.
