The Texas Data Privacy and Security Act: Empowering Texans' Privacy Rights



In an era where data breaches and online privacy concerns are becoming increasingly prevalent, states across the United States have taken significant steps to protect their residents’ personal information. Joining the ranks of California and Virginia, Texas has now passed its own comprehensive data privacy legislation: the Texas Data Privacy and Security Act (TDPSA). This consumer privacy law empowers Texans with the right to control their personal data, while also imposing strict obligations on businesses to ensure data security and transparency. In this blog post, we will explore the key provisions of the TDPSA, its applicability, and the rights it grants to consumers.

Applicability and Scope

The TDPSA represents a groundbreaking shift in the landscape of data privacy laws. Unlike its predecessors, it applies to a much broader range of individuals and businesses both within and outside the state. It encompasses any entity conducting business in Texas, producing products or services consumed by Texas residents, and involved in processing or selling personal data. Even small businesses, with certain exemptions, must obtain consumer consent before selling sensitive personal data.

Notably, the TDPSA looks beyond a business’s targeting strategy and focuses on whether their products or services are consumed by Texas residents. Thus, it has the potential to affect a wide array of entities, regardless of size or revenue.

Consumer Rights

Central to the TDPSA’s mission is empowering consumers with comprehensive rights over their personal data. These rights are consistent with similar laws, such as the Virginia Consumer Data Protection Act (VCDPA). Among the key rights granted to consumers under the TDPSA are:

  • Right to Know: Consumers have the right to inquire whether a controller is processing their personal data.
  • Right to Portability: Consumers are entitled to receive a portable copy of their processed personal data in digital format.
  • Right to Deletion: Consumers can request the deletion of personal data held by controllers.
  • Right to Correction: Consumers can request the correction of any inaccurate personal data.
  • Right to Opt-Out: Consumers have the right to opt out of the sale of their personal data, targeted advertising, and profiling with significant consequences.

Controllers’ Obligations

The TDPSA places substantial responsibilities on businesses, referred to as controllers, that handle personal data. Controllers must adhere to data minimization practices, limiting the use of personal data only to what is reasonably necessary. They must also conduct data protection assessments for specific processing activities that pose a higher risk to consumers, such as targeted advertising or processing sensitive data.

Furthermore, controllers in possession of de-identified or pseudonymous data must ensure that such data cannot be linked to an individual. They are also required to contractually bind any recipient of this data to compliance measures and oversee their adherence to these commitments.

Compliance and Enforcement

The TDPSA will take effect on July 1, 2024, and businesses must be prepared to comply with its provisions. The Texas Attorney General is designated as the primary enforcer of the TDPSA, with the authority to investigate violations and impose penalties of up to $7,500 for each breach. Notably, businesses are provided a 30-day grace period to cure any violations, subject to certain conditions and notifications.

The Texas Data Privacy and Security Act represents a significant milestone in the ongoing efforts to protect consumer data privacy. By granting Texans greater control over their personal information and imposing strict obligations on businesses, the TDPSA sets a robust framework for safeguarding data privacy and security in the state. As Texas joins the ranks of other privacy-conscious states, businesses must prepare diligently for the TDPSA’s implementation to ensure they are compliant and ready to uphold their customers’ privacy rights effectively. By navigating the path forward with diligence and dedication, Texas will lead the way in fostering a privacy-centric environment that serves as a model for other states and nations in the pursuit of data protection.
