On September 01, 2021, the House Bill (‘HB’) 3746 relating to certain notification required following a breach of security of computerised data entered into effect. The Act amends the state’s data breach notification laws under Texas Business and Commerce Code §521.053.
Key Highlights:
- Provision has modified to include new notification requirement i.e. organisations are required to include the number of affected residents that have been sent a disclosure of the breach by mail in their notifications;
Notification must include the following:
-
- a detailed description of the nature and circumstances of the breach or the use of sensitive personal information acquired as a result of the breach;
- number of residents of this state affected by the breach at the time of notification;
- number of affected residents that have been sent a disclosure of the breach by mail or other direct method of communication at the time of notification;
- measures taken by the person regarding the breach;
- measures the person intends to take regarding the breach after the notification under this subsection; and
- information regarding whether law enforcement is engaged in investigating the breach.
- Provision inserted requiring the Attorney General (‘AG’) to post on their website a listing of the notifications received by their office, which must be updated no later than 30 days after the AG receives the notification of a new breach of system security; and
- Provision inserted to require AG to remove the notification no later than one year after the AG first published if the person who provided the notification has not notified the AG of any additional breaches during that period.
You can read the bill here