Blog

Data Breach Reporting Requirements in Texas

Texas law requires certain businesses that experience a data breach of system security to notify affected consumers and to provide notice of that data breach to the Office of the Texas Attorney General if the breach affects 250 or more Texans.

The notice you provide to the Texas Attorney General must report the number of Texans you have notified of the breach by mail or email.

To facilitate this reporting, the Texas Attorney General provides a Data Breach Submission form which you may submit to the Attorney General electronically.

How do you provide this required Data Breach Notice to the Texas Attorney General's Office?

You may fill out the Data Breach Notice form provided and submit it electronically.
Before you fill out the form, here is what you need to know:

  • The system can NOT save your form, so you will need to complete it in one sitting.

  • To prepare, you can preview the form.

  • Do NOT hit the “back” button on your browser, or your submission will be cleared.

  • Your data breach notice is potentially an open record. This means that members of the general public may file an open-records request to obtain a copy of your completed form.

  • If you experienced more than one breach, you must submit a separate data breach notice for each.

What happens after you submit my completed Data Breach Notice form?

You will automatically receive a confirmation email to let you know that your notice was successfully submitted. You will also receive a record number. Please retain that email and your assigned record number for your files.

The Consumer Protection Division of the Attorney General's office will contact you with follow-up questions, if any. 

The Attorney General will also include you in a listing of companies that had a data breach.

What if you have questions about the Texas Identity Theft Enforcement and Protection Act and its requirements?

For your convenience, review the Texas Identity Theft Enforcement and Protection Act or Texas House Bill 3746.

Please consult with your attorney if you have questions about how the law applies to you or need interpretations of the law. Also, keep in mind that these are just the requirements under Texas law, and you should also comply with federal requirements and any other state's requirements if you have customers there. Information on federal law and guidance can be found at https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business.
 

Comments

 
By: Randy Hilliard
On: 10/06/2022 15:42:53
Thanks Earl, that is very helpful.

Leave a comment

Commenting is restricted to members only. Please login now to submit a comment.