AUSTIN, Texas–The Texas House has passed a bill that seeks to strengthen notification requirements of a security breach affecting sensitive personal information. The bill would also create the Texas Privacy Protection Advisory Council to study data privacy laws in Texas, other states, and relevant foreign jurisdictions.
The bill was sponsored by Rep. Giovanni Capriglione (R-Southlake).
The legislation would require disclosures of system security breaches in which an individual's sensitive personal information was or was reasonably believed to have been acquired by an unauthorized person to be made without unreasonable delay, and in each case no later than the 60th day after the date on which it was determined that the breach occurred, according to the Cornerstone CU League.
What Bill Requires
The bill also requires the person or entity who owned or licensed the data, including the sensitive personal information, to notify the attorney general if the breach involved 250 or more state residents. This notification would include:
- A detailed description of the nature and circumstances of the breach or the use of sensitive information acquired as a result
- The number of Texas residents affected
- Measures taken by the person or entity regarding the breach
- Any measures that the person or entity intended to take regarding the breach after the notification
- Information on whether law enforcement was engaged in investigating the breach
The Texas Privacy Protection Advisory Council would be composed of five members of the House of Representatives appointed by the House speaker, five senators appointed by the lieutenant governor, and five members of relevant industries appointed by the governor, the CCUL said.
The bill passed on a vote of 146–1.