The Texas Data Privacy and Security Act: Empowering Texans' Privacy Rights

Table of Contents

In an era where data breaches and online privacy concerns are becoming increasingly prevalent, states across the United States have taken significant steps to protect their residents’ personal information. Joining the ranks of California and Virginia, Texas has now passed its own comprehensive data privacy legislation – The Texas Data Privacy and Security Act (TDPSA).  This comprehensive consumer privacy law empowers Texans with the right to control their personal data, while also imposing strict obligations on businesses to ensure data security and transparency. In this blog post, we will explore the key provisions of the TDPSA, its applicability, and the rights it grants to consumers.

Applicability and Scope

The TDPSA represents a groundbreaking shift in the landscape of data privacy laws. Unlike its predecessors, it applies to a much broader range of individuals and businesses both within and outside the state. It encompasses any entity conducting business in Texas, producing products or services consumed by Texas residents, and involved in processing or selling personal data. Even small businesses, with certain exemptions, must obtain consumer consent before selling sensitive personal data.

Notably, the TDPSA looks beyond a business’s targeting strategy and focuses on whether their products or services are consumed by Texas residents. Thus, it has the potential to affect a wide array of entities, regardless of size or revenue.

Consumer Rights

Central to the TDPSA’s mission is empowering consumers with comprehensive rights over their personal data. These rights are consistent with similar laws, such as the Virginia Consumer Data Protection Act (VCDPA). Among the key rights granted to consumers under the TDPSA are:

  • Right to Know: Consumers have the right to inquire whether a controller is processing their personal data.
  • Right to Portability: Consumers are entitled to receive a portable copy of their processed personal data in digital format.
  • Right to Deletion: Consumers can request the deletion of personal data held by controllers.
  • Right to Correction: Consumers can request the correction of any inaccurate personal data.
  • Right to Opt-Out: Consumers have the right to opt-out of the sale of their personal data, targeted advertising, and profiling with significant consequences.

Controllers’ Obligations

The TDPSA places substantial responsibilities on businesses, referred to as controllers, that handle personal data. Controllers must adhere to data minimization practices, limiting the use of personal data only to what is reasonably necessary. They must also conduct data protection assessments for specific processing activities that pose a higher risk to consumers, such as targeted advertising or processing sensitive data.

Furthermore, controllers in possession of de-identified or pseudonymous data must ensure that such data cannot be linked to an individual. They are also required to contractually bind any recipient of this data to compliance measures and oversee their adherence to these commitments.

Compliance and Enforcement

The TDPSA will take effect on July 1, 2024, and businesses must be prepared to comply with its provisions. The Texas Attorney General is designated as the primary enforcer of the TDPSA, with the authority to investigate violations and impose penalties of up to $7,500 for each breach. Notably, businesses are provided a 30-day grace period to cure any violations, subject to certain conditions and notifications.

The Texas Data Privacy and Security Act represents a significant milestone in the ongoing efforts to protect consumer data privacy. By granting Texans greater control over their personal information and imposing strict obligations on businesses, the TDPSA sets a robust framework for safeguarding data privacy and security in the state. As Texas joins the ranks of other privacy-conscious states, businesses must prepare diligently for the TDPSA’s implementation to ensure they are compliant and ready to uphold their customers’ privacy rights effectively. By navigating the path forward with diligence and dedication, Texas will lead the way in fostering a privacy-centric environment that serves as a model for other states and nations in the pursuit of data protection.

A propos de l'auteur

A propos de l'auteur

Recommended for you

Data Security Harnessing the Power of Data Classification in Management Strategies
As technology continues to advance at an unprecedented pace, the importance of data security has become increasingly critical. With the r...
Data Security Posture Management in 2024
Data security has always been a top priority for organizations, but as we enter the year 2024, the industry is witnessing a significant s...
ISO27001 Certification
Qohash, a leading data security posture management company, is pleased to announce that it has recently obtained the prestigious ISO 2700...
Qohash - top100wfa
Qohash, a leading innovator in data security posture management, has been selected as one of the Top 100 Next-Generation Companies by the...
BLOG - Qohash (4)
Insider threats pose a significant risk to organizations of all sizes and industries. These threats can arise from current or former empl...
Qostodian Product video banner
In today’s digital age, the protection of sensitive information has become more important than ever. With cyber threats constantly ...
Logo Qohash
By initiative
Regulatory compliance:
Find, classify and inventory all sensitive data, across every data source
Data breach prevention:
Monitor sensitive data 24/7, track data lineage, and enforce policies at endpoints
Microsoft 365
One easy-to-use platform to secure sensitive data on Windows workstations and M365
By regulation
Law 25
Why Qohash
Defy legacy limitations
What our customers say about us

Contact us​