Texas Data Privacy Laws: Everything You Need to Know

Cyber security.Digital padlock icon,Cyber security technology network and data protection technology on virtual dasboard.Online internet authorized access against cyber attack and privacy business data concept.

Does your organization operate or do business in Texas? The state passed the Texas Data Privacy and Security Act, making changes to the way organizations must safeguard sensitive information regarding their customers, vendors, and employees.

As experts in helping leading organizations implement a proactive approach to risk, we’ve outlined everything you need to know about data privacy laws in Texas.

Important things to know about the Texas Data Privacy and Security Act (TDPSA):

What the TDPSA is and when it goes into effect.
The types of consumer protections outlined in the TDPSA.
The requirements outlined in the TDPSA.
Who must comply with the TDPSA.
What happens when an organization fails to comply with the TDPSA.
Tips and steps to ensure compliance with the TDPSA.

What is the Texas Data Privacy and Security Act, and when does it go into effect?

The Texas Data Privacy and Security Act (TDPSA) outlines regulations for the collection and usage of consumer data. This new legislation goes into effect by July 1, 2024.

For information about data privacy laws in other states, head to our blog: States That Have Adopted U.S. Consumer Data Privacy Laws Similar to GDPR.

What kinds of consumer rights are outlined in the Texas Data Privacy and Security Act?

Similar to GDPR and other data privacy laws, the TDPSA outlines several protections for consumers, including:

The right to confirm whether a company is storing or using personal data.
The right to access any personal data being gathered.
The right to correct inaccuracies in their personal data.
The right to delete their personal data.
The right to obtain a copy of their personal data.
The right to opt out of processing personal data for marketing, advertising, or profiling purposes and/or the sale of personal data.

What are the requirements for the Texas Data Privacy & Security Act?

The TDPSA requires controllers (companies collecting personal data) to gain consent before collecting and using sensitive personal data, such as dates of birth, addresses, phone numbers, and other information that could be used to identify an individual.

It also outlines requirements stating that controllers cannot discriminate against a consumer for exercising their protections and rights or process the sensitive data of children.

In addition, if a consumer requests access or changes to the data, the controller must respond within 45 days of the request.

Which kinds of companies must comply with the Texas Data Privacy and Security Act?

Companies who are either based in Texas, conduct business in Texas, and/or generate products or services consumed by individuals living in Texas must comply with the TDPSA. Certain small businesses are exempt.

What happens when an organization fails to comply with the Texas Data Privacy and Security Act?

When an organization fails to comply with the TDPSA, they may be fined up to $7,500 per violation – however, these violations can also cause damage to the company’s reputation, friction with stakeholders or investors, or a loss of consumer trust, impacting their ability to successfully grow their businesses.

What should companies do to comply with the new Texas Data Privacy and Security Act?

To comply with the Texas Data Privacy and Security Act, companies should focus on the following initiatives:

Understand your data: Perform a data mapping exercise to understand what personal information is being collected and where it is stored.
Conduct a gap analysis: Use established frameworks to identify where you have gaps and where controls need to be implemented.
Develop an action plan and roadmap: Identify the most critical gaps to fill. Start with quick wins and high priority items.
Perform remediation: Implement new policies and procedures to ensure any gaps are filled.
Conduct a final assessment: Check to make sure your internal controls are working as planned.

For more information, our IT Compliance Consultant, Van Bui, outlines the necessary steps to begin the process in this helpful video: How to Prepare for the Texas Data Privacy Laws Going into Effect July 2024.

Final Thoughts on Data Privacy Laws in Texas

With the new legislation going into effect by July 1, 2024, knowing what steps to take to ensure compliance and avoid potential costly fines is essential.

As such, it can be beneficial to turn to a trusted partner to help you quickly identify any gaps in your data privacy plan, implement a more proactive approach to risk, and swiftly comply with ever-changing laws and regulations.

Insights By

John Patrick

IT Manager, Risk & Compliance

John is an IT risk and compliance manager with deep experience across a multitude of skill sets, including cybersecurity and data protection policies, procedures and best practices, IT audit, security, risk, and compliance.

Recent Insights

Need Support to Comply with the TDPSA?

At Bridgepoint Consulting, we translate insight to action by equipping organizations with proactive, on-demand solutions so they can embrace uncertainty, mitigate risk, and empower organizational growth.

Risk Management