Texas Data Privacy & Security Act

Texas is known for doing things its own way, and data privacy is no exception. The Texas Data Privacy and Security Act (TDPSA) moseyed into law on July 1, 2024, bringing a new set of rules for businesses handling the personal information of Texans. While it shares some similarities with other state privacy laws, the TDPSA has its own unique flavor, reflecting Texas's emphasis on business-friendly regulations.

Key Provisions of the TDPSA:

  • Consumer Rights:

    • Right to Access: Consumers can request access to their personal data.

    • Right to Correction: Consumers can request correction of inaccurate personal data.

    • Right to Deletion: Consumers can request deletion of their personal data.

    • Right to Opt-Out: Consumers can opt-out of the sale of their personal data or its use for targeted advertising.

    • Right to Data Portability: Consumers can request a copy of their personal data in a portable format.

  • Business Obligations:

    • Provide a Privacy Notice: Clearly inform consumers about your data practices.

    • Respond to Consumer Requests: Respond to consumer requests within 45 days.

    • Implement Reasonable Security: Protect personal data with appropriate security measures.

    • Conduct Data Protection Assessments: Assess risks for processing activities like targeted advertising, profiling, and the processing of sensitive data.

    • Obtain Consent: Obtain consent before processing sensitive data.

  • Sensitive Data:

    • The TDPSA provides heightened protection for sensitive data, including information about race, religion, health, sexual orientation, and precise geolocation. Businesses must obtain consent to process this type of data.

  • Universal Opt-Out:

    • The TDPSA does not explicitly require a universal opt-out mechanism like some other state laws.

Who does the TDPSA apply to?

The TDPSA applies to businesses that conduct business in Texas or provide products or services to Texas residents and meet one of the following thresholds:

  • Control or process the personal data of at least 25,000 consumers.

  • Derive 50% or more of their gross revenue from selling personal data.

Why is the TDPSA important?

The TDPSA is a significant step in protecting consumer data privacy in Texas. It's essential for businesses to understand and comply with the TDPSA to avoid legal and financial risks, build trust with customers, and foster a culture of responsible data handling.

How Aetos Can Help:

Aetos Data Consulting provides expert guidance and support to help businesses navigate the complexities of the TDPSA. Our services include:

  • TDPSA compliance audits

  • Policy development and implementation

  • Training and awareness programs

  • Data subject request management

Contact us today to learn more about how we can help your business achieve and maintain TDPSA compliance.

Check out other state laws