McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Business HomeProducts & SolutionsData ProtectionUS & Global Data Protection LawsSecurity Breach Notification Laws

Texas

Identity Theft Enforcement and Protection Act
CITATION Tex. Bus. & Com. Code § 521.03.
ENACTED 2007
SUMMARY The law deals not only with breach notification, but also with a businesses obligation to implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect from unlawful use or disclosure any sensitive personal information collected or maintained by the business in the regular course of business. The law also establishes an obligation to properly destroy sensitive information which is not to be retained by the business.
DATA COVERED

The law applies to ‘Sensitive Personal Information’ which is defined as an individual’s unencrypted name along with one of the following items that are not encrypted:

  1. Social Security number;
  2. Driver's license number or government-issued identification number; or
  3. Account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual's financial account; or
  4. Information that identifies an individual and relates to:
    1. the physical or mental health or condition of the individual;
    2. the provision of health care to the individual; or
    3. payment for the provision of health care to the individual.
INDUSTRY Any person (or entity) that conducts business in Texas and owns or licenses computerized data that includes sensitive Personal Information or maintains such computerized data.
PENALTIES A person who violates the law is subject to a civil fine ranging from two thousand dollars ($2,000) to not more than fifty thousand dollars ($50,000) for each violation. The law authorizes the State Attorney General to pursue an injunction to prohibit future violations.
United States - English