Changes to Texas data breach notification law (Section 521.053 of the Business & Commerce Code) go into effect on September 1, 2019. The changes specify when and how businesses must report a breach. For example, until this coming September, Texas law has required businesses disclose a breach “as quickly as possible.” On September 1st, the timeframe becomes more specific: businesses will need to disclose a data breach within 60 days of determining a breach occurred.
Other changes to the law include a requirement for businesses to notify the attorney general of breaches involving at least 250 Texas residents.
Companies conducting business in Texas will likely want to consult a data privacy attorney to determine how the business is impacted by these changes, and to incorporate the new requirements into their incident response plans.