Effective July 1, 2024
The data privacy landscape for Texans and businesses operating in the state has now changed significantly. With the Texas Data Privacy and Security Act (TDPSA), which went into effect on July 1, this comprehensive legislation grants individuals new rights over their personal information.
Businesses are now responsible for reviewing their data practices and ensuring compliance with the TDPSA. This may involve updating privacy policies, implementing processes for handling consumer requests, conducting data protection assessments, and revising contracts with third parties. The Texas Attorney General has the authority to enforce the law, and businesses that violate the TDPSA could face civil penalties. As Texas residents become more aware of their new rights and companies adapt to these changes, the TDPSA is poised to reshape how personal data is handled in the state.
Your New Rights Under the TDPSA:
- Right to Know: You have the right to know what personal data a company collects about you and how it’s being used.
- Right to Correct: You can request corrections to any inaccurate personal data a company holds.
- Right to Delete: You can ask companies to delete the personal data that they have collected.
- Right to Access: You can request a copy of your personal data in a portable format.
- Right to Opt Out: You can opt out of selling your personal data, targeted advertising, or profiling activities.
Who Does the TDPSA Apply To?
The TDPSA applies to any business that conducts business in Texas or produces a product or service consumed by Texas residents and processes a large amount of personal data. Unlike some other state laws, the TDPSA doesn’t have a minimum threshold for the number of consumers a business must interact with to be covered.
What is Considered Personal Data?
Personal data is any information that is linked or reasonably linkable to an identified or identifiable individual. This includes sensitive data such as racial or ethnic origin, religious beliefs, genetic data, biometric data, health information, and sexual orientation.
How Can You Exercise Your Rights?
You can exercise your rights under the TDPSA by submitting requests directly to companies. Companies must respond within a reasonable timeframe.
What Happens if a Company Violates the TDPSA?
The Texas Attorney General is responsible for enforcing the TDPSA. Companies that violate the law may face civil penalties.
What Should Businesses Do to Comply?
Businesses should review their data practices and update their privacy policies to comply with the TDPSA. This may involve implementing processes for handling consumer requests, conducting data protection assessments, and revising contracts with third parties.
Key Takeaways:
- The TDPSA gives Texas residents significant new rights over their personal data.
- Businesses need to understand and comply with the TDPSA’s requirements.
- If you’re a Texan, know your rights and how to exercise them.
For further information, you can visit the Texas Attorney General’s website: https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint/consumer-privacy-rights/texas-data-privacy-and-security-act
Author: The Sensei of AI Governance and Risk Management
James K. Sayles, Sr, Director of Advisory Services, AI and Cybersecurity
Certified Chief Information Security Officer (CCISO), Certified AI Professional, CIA, CISA, CCIE, CCAE, CCISP, CRISC, CIPP, CFE, CISM
James is a Senior Director at CyberOne, specializing in AI Governance and Model Risk Management, GRC, and Cybersecurity Strategy. With extensive experience in the field, James is a certified AI/GRC executive and fellow, ensuring cybersecurity and business alignment and the responsible and ethical use of AI technologies.
