Upcoming Changes to Texas’ Data Breach Reporting Requirements

July 17, 2019

At this point, everyone has their data breach nightmare story. Perhaps you thought you could leave your laptop in the car and run into the store for just a second, but then came out to find the laptop gone and your window smashed. Maybe the business’ servers went down for a few hours, only to come back online locked by international hackers looking to make a quick buck off the ransom. Or it may be related to a hidden line of installer code that leaks your saved passwords. If you don’t have a horror story yet, you’ve either been in business for less than a year, or you’ve already had a breach and just don’t know it yet.

In all of these scenarios, you may be able to explain away the need to notify your clients and the government of the breach. “The phone and laptop were locked with my biometric PIN!” you exclaim to your attorneys. These kinds of excuses are exactly what Texas is addressing with its updated privacy laws. 

To understand the significance of these new Texas privacy laws, we must first review the current legal landscape and answer this question: “What are the required protocols currently in place when I suspect there has been a data breach?”

For a more general overview of data breaches, read “Cybersecurity in an Unsafe Market.”

1. Your Duty to Your Clients

In Texas, a business must take reasonable measures to protect their clients’ data. “A business shall implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect from unlawful use or disclosure any sensitive personal information collected or maintained by the business in the regular course of business.” Section 521.052 of the Texas Business Code. 

What does this mean? A business should do what it can, within reason, to assure both their clients and themselves that confidential information is secure. Some common measures taken by businesses to protect their clients’ information include:

  • creating and maintain policies and procedures related to transferring and disposing of confidential client information
  • confidentially shredding documents containing client information
  • changing passwords every 30 days
  • securing important electronics in secured and locked areas. 

These physical and digital protections, among others, go a long way to fulfill your obligation to protect your clients’ information. 

2. Is the Data Even Confidential?

More often than not, in the rush to notify clients of the breach, businesses will forget to stop and ask the most important question: “Does the data breach even involve confidential information?” Texas’ Legislature and the Texas Attorney General’s Office have increasingly erred on the side of protecting a person’s private identifying information when in the hands of a business owner. But although companies are collecting more and more personal data, this does not mean ALL information is protected. 

To qualify as “sensitive personal information” that a business owner must report after a breach, the information must contain “an individual’s first name or first initial and last name” in combination with any or all of the following pieces of information:

  • social security number
  • driver’s license number or government identification number
  • an account number or credit or debit card number in combination with any requested
    • security code
    • access code
    • password that would permit access to an individual’ financial account.

Thus, if a business lost a list of driver’s license numbers without any associated names, that might not qualify as information that would need to be reported to the Texas government. However, if you lost a spreadsheet with first names, credit card numbers, and security codes, you most likely would need to notify the government. 

If you notice a data breach, it is important to have an attorney assess what types of information were lost for government reporting purposes.

3. Notice of the Breach

Once it has been determined that “sensitive personal information” has been lost, and the information has been accessed and acquired by an authorized person, it is now time to notify your clients of the breach. Business owners have a duty to disclose the breach to affected clients “as quickly as possible” once the breach is discovered.

While there are no clear instructions on what the notification must contain, best practices dictate that your client should be made aware of the general circumstances of the incident, what specific information was taken, and the next steps you and the client will take in order to minimize the potential damage done to the client. To that end, there are many free services you can provide to data breach victims, and it is good business practice to offer and assist with such services like credit monitoring and credit reports. 

Upcoming Changes to Texas Privacy Laws

Starting January 1, 2020, Texas’ notice requirements will change significantly along with how quickly Texas will be able to react to new privacy threats. Soon, business owners aware of data breaches must notify their affected clients within 60 days of the incident. This is a stark change from “as quickly as possible” and will speed up the notification process for business owners. The clock starts ticking the moment the breach is discovered, which means you have 60 days to find legal analysis, create the notice letter, and procure services to provide to affected clients. 

Furthermore, business owners will have to notify the Texas Attorney General’s Office if the breach involves 250 or more Texas residents. Again, this must be done within the new 60 day window. However, the notification to the Attorney General’s office is much different than the one sent to the client as it MUST contain things like:

  • a detailed description of the breach
  • the number of Texas residents affected
  • what the business is doing to resolve the issues
  • and what the business owner is doing for its affected clients.

This requirement is brand-new and indicates that the Texas Attorney General’s office may potentially intervene in certain data breaches. After all, Texas has one of the most robust Consumer Protection departments in the United States. 

Finally, Texas plans to establish The Texas Privacy Protection Advisory Council. Its role will be to review all of the privacy laws in Texas and make recommendations on how to strengthen the rules and regulations. It’s likely that Texas privacy laws will continue changing at alarming rates and will only increase a business owner’s responsibilities toward their clients in the case of a data breach. 

Rustam Abedinzadeh

By

Rustam Abedinzadeh is an attorney at Pasha Law PC with deep experience in Employee Retirement Income Security Act (ERISA) litigation, hospital and emergency room collections, and healthcare contracting and compliance. He is also well-versed in solving legal issues that occasionally stem from day-to-day hospital and emergency room operations and has represented healthcare providers against health insurance companies concerning a wide range of topics.

Get Business Legal Updates

Please provide your full name.
Please provide a valid email address.
We respect your privacy, and we will never share your information. Unsubscribe at any time.

Related Publications

Even before HIPAA, healthcare providers were generally obligated at a state level for certain levels of privacy protections for their patients. HIPAA compliance, though a significant part of risk management, has become well-engrained in everyone’s policies and procedures and training. However, since 2018, healthcare providers that meet the criteria are now forced to comply with…

June 8, 2021

Data Privacy and Cybersecurity have been buzzwords for a while, but became even more prevalent after the Cambridge Analytica scandal in 2018. What are your business obligations for data security or reporting in the event of a breach? Learn more in our article: https://www.pashalaw.com/upcoming-changes-to-texas-data-breach-reporting-requirements/

January 28, 2021

Governor Greg Abbott today issued an Executive Order to ensure hospital bed availability for COVID-19 patients as Texas faces an increase in COVID-19 cases and hospitalizations. The Governor’s order suspends elective surgeries at hospitals in Bexar, Dallas, Harris, and Travis counties. Under this order, the Governor directs all hospitals in these counties to postpone all…

June 25, 2020

Despite Gov. Abbott’s aggressive moves to reopen the state’s economy, some Texas lawmakers are critical of his apparent blessing on strict, local mask laws. Read the full article here >> https://pasha.bz/texas-mask-law

June 23, 2020

When it comes to emergency rooms, the 2019 Texas Legislative session supposedly created a more transparent, patient friendly future for Out-Of-Network (“OON”) emergency centers. But what the laws actually created were a complicated legal framework that significantly alters OON operations. OONs now face larger fines for simple missteps on tasks like patient billing, marketing materials, and updating fee schedules.

August 21, 2019

San Antonio is repeatedly being challenged by the State of Texas over what has obviously become a cultural, social, and political chasm between city and state in how it administers legal affairs. This has serious implications for its new sick leave laws and stance toward Chick-fil-a

August 1, 2019

[UPDATE 4-4-2019] It pays to stand up for your rights. The Patient Choice Coalition of Texas has reported that is has achieved a major victory for the first major test for House Bill 574 codified in the Texas Insurance Code in chapters 1301 and 843. According to PCCOT, Aetna has already sent out letters rescinding…

February 8, 2019

Attorneys Matt Staub and Nasir Pasha examine Mark Zuckerberg’s congressional hearings about the state of Facebook. The two also discuss Cambridge Analytica and the series of events that led to the congressional hearings, the former and current versions of Facebook’s Terms of Service, and how businesses should be handling data privacy. Full Podcast Transcript NASIR:…

April 17, 2018

Unless you’ve been living under a rock, you know that the U.S. just underwent one of the most contentious elections in its history. The status of may current and proposed laws is now uncertain as we prepare for the shift in administrations. The country remains on edge as we wait to see how things play…

November 30, 2016

The topic of teachers getting into trouble over sex-related matters has become almost a sub-genre of American journalism for several decades now. In the late 1990’s, Washington schoolteacher Mary Kay Letourneau became a tabloid feature and served six years in prison after it was discovered she had engaged in sexual relations with her 12-year old…

March 3, 2016

Nasir and Matt get into the story about a California woman who was fired for deleting an app on her phone that allowed her employer to track where she was at all times.

May 18, 2015

Privacy is back in 2015. Just when many observers were ready to declare privacy dead, consumers and businesspeople have developed new concerns about how information is being collected, sold, manipulated and even accessed by government agencies. The hacking scandals continued; Snapchat images, to the horror of many people, really do not disappear. And now the international…

January 22, 2015

Legally Sound Smart Business

A business podcast with a legal twist

Legally Sound Smart Business is a podcast by Pasha Law PC covering different topics in business advice and news with a legal twist with attorneys Nasir Pasha and Matt Staub.

Latest Episodes

February 4, 2021

How you terminate an employee can make the difference between a graceful transition to avoidable negative outcomes like a dramatic exit or even a lawsuit. We gathered a panel of experts and asked them – is there a “right way” to fire an employee? We would like to thank our guests for this episode: Amr…

December 2, 2020

The COVID-19 pandemic has turned nearly every aspect of life on its head, and that certainly holds true for the business world. In this episode, Matt and Nasir explain how the early days of the pandemic felt like the Wild West and how the shifting legal playing field left a lot open to interpretation and…

November 16, 2020

After plenty of ups and downs, our buyer has finally closed on the purchase of their business. While we’re marking this down in the ‘wins’ column, it never hurts to review the game tape. In this final episode, our hosts, Matt Staub and Nasir Pasha, return to the deal almost a year later to reflect…

September 15, 2020

The ink is drying on the signature line and things are looking great for our buyer. After so much hard work, the finish line is in sight and the cheering within ear shot.   Though the landlord is still serving friction, things seem safe to move forward and for now, our buyer will be keeping…

July 31, 2020

Though things are coming along well, the journey would not be interesting if it was purely smooth sailing. After our buyer opens escrow, they are forced to push the closing date back when suddenly a letter from an attorney was received claiming the business, we are buying has a trade mark on the name!  Now…

June 12, 2020

With frustration at an all-time high and professionalism at an all-time low, our friend the Buyer has “had it” with the Seller and quite frankly their lack of knowledge. At present our Buyer is rightfully concerned that the latest misstep from our loose-lipped Seller will threaten not only the entire operation of the businesses but…

May 11, 2020

As we go deeper into the buying process, we start to uncover more challenges from our seller and encounter some of the wrenches they are tossing our way. When we last left off in episode three our team was knee deep in due diligence for our buyer, had already penned and signed the Letter of…

April 4, 2020

One word–interloper! When a new mysterious broker enters the transaction and starts to kick up dust, Nasir and Matt take the reins. The seller signed off on the letter of intent (see episode 2), yet this “business broker” serves only friction and challenges by refusing to send financials, whilst demanding more of a firm commitment…

April 4, 2020

Just as most stories and deals start out, everyone is optimistic, idealistic and full of hope for clear skies. It’s a perfect outlook with a perfect setup for the ups and downs yet to come. Peek further behind the curtain and into the first steps of buying a business: the letter of intent. After the…

April 4, 2020

When a savvy buyer hears opportunity knocking to purchase a prime positioned business, she decides not to go it alone and taps in the professionals to help navigate what could potentially be a fruitful acquisition. “Behind the Buy” is a truly rare and exclusive peak into the actual process, dangers, pitfalls and achievements, that can…

August 7, 2019

GrubHub is subject to two “matters of controversy” that have likely become common knowledge to business owners: “fake” orders and unfriendly microsites.

May 28, 2019

In this podcast episode, Matt and Nasir breakdown the legal issues of the subscription industry’s business on the internet. Resources A good 50-state survey for data breach notifications as of July 2018. California Auto-Renewal Law (July 2018) Privacy Policies Law by State Why Users of Ashley Madison May Not Sue for Data Breach [e210] Ultimate…

March 12, 2019

In recording this episode’s topic on the business buying process, Matt’s metaphor, in comparing the process to getting married probably went too far, but they do resemble one another. Listen to the episode for legal advice on buying a business.

December 3, 2018

Nasir and Matt return to discuss the different options available to companies looking to raise funds through general solicitation and crowdfunding. They discuss the rules associated with the various offerings under SEC regulations and state laws, as well as more informal arrangements. The two also discuss the intriguing story about a couple who raised over…

July 24, 2018

Flight Sim Labs, a software add-on creator for flight simulators, stepped into a PR disaster and possibly some substantial legal issues when it allegedly included a Trojan horse of sorts as malware to combat pirating of its $100 Airbus A320 software. The hidden test.exe file triggered anti-virus software for good reason as it was actually…

April 17, 2018

Attorneys Matt Staub and Nasir Pasha examine Mark Zuckerberg’s congressional hearings about the state of Facebook. The two also discuss Cambridge Analytica and the series of events that led to the congressional hearings, the former and current versions of Facebook’s Terms of Service, and how businesses should be handling data privacy. Full Podcast Transcript NASIR:…

March 10, 2018

The Trump presidency has led to a major increase in ICE immigration enforcement. It’s critical for business owners to both comply with and know their rights when it comes to an ICE audit or raid. Nasir, Matt, and Pasha Law attorney Karen McConville discuss how businesses can prepare for potential ICE action and how to…

February 5, 2018

New years always bring new laws. Effective January 1, 2018, California has made general contractors jointly liable for the unpaid wages, fringe benefits, and other benefit payments of a subcontractor. Nasir and Matt discuss who the new law applies to and how this affects all tiers in the general contractor-subcontractor relationship. Click here to learn…

January 2, 2018

With a seemingly endless amount of new mattress options becoming available, it is unsurprising that the market has become increasingly aggressive. As companies invest in more innovative solutions to get in front of customers, review sites, blogs and YouTube videos have moved to the forefront of how customers are deciding on their mattresses and how…

December 7, 2017

In recent months explosive amounts of high profile allegations of sexual harassment, assault, and varying acts of inappropriate behavior have transcended every sector of our professional world. With a deluge from Hollywood and politics, and the private workforce, accusations have inundated our feeds and mass media. This harassment watershed has not only been felt within…

November 16, 2017

If you are not familiar with the EB-5 program started in 1990 to give green cards to certain qualified investors in the United States, then you may not have been alone a few years ago. Currently, the EB-5 program has since exploded since its inception and now hits its quotas consistently each year. The program…

October 10, 2017

Government requests come in multiple forms. They can come in as requests for client information or even in the form of investigating your company or your employees. Requests for Client Information General Rule to Follow Without understanding the nuances of criminal and constitutional law and having to cite Supreme Court cases, any government requests for…

August 24, 2017

Nasir and Matt suit up to talk about everything pertaining to employee dress codes. They discuss the Federal laws that govern many rules for employers, as well as state specific nuances in California and other states. The two also emphasize the difficulty in identifyingreligious expression in dress and appearance, how gender-related dress codes have evolved…

June 28, 2017

Nasir and Matt discuss the life cycle of a negative online review. They talk about how businesses should properly respond, how to determine if the review is defamatory, the options available to seek removal of the review, how to identify anonymous reviewers, whether businesses can require clients to agree not to write negative reviews, and…

June 7, 2017

On this episode of the Ultimate Legal Breakdown, Nasir and Mattbreak down social media marketing withguests Tyler Sickmeyer and Kyle Weberof Fidelitas Development. They first discuss contests and promotionsand talk about where social media promotions can go wrong,when businesses are actually running an illegal lottery, and the importance of a soundterms and conditions. Next, they…

April 3, 2017

On this episode of the Ultimate Legal Breakdown, Nasir and Matt go in depth with the subscription box business. They discuss where subscription box companies have gone wrong(4:30), the importance of a specifically tailored terms and conditions(6:30), how to structure return policies (11:45), product liability concerns (14:45),the offensive and defensive side of intellectual property (19:00),…

February 1, 2017

Nasir and Matt discuss the suit against Apple that resultedfrom a car crashed caused by the use of FaceTime while driving. They also discuss howforeseeable use of apps can increase liability for companies. Full Podcast Transcript NASIR: Hi and welcome to Legally Sound Smart Business! I’m Nasir Pasha. MATT: And I’m Matt Staub. Two attorneys…

January 5, 2017

The guys kick in the new year by first discussing Cinnabon’s portrayal of Carrie Fisher as Princess Leia soon after her death, as well as other gaffes involving Prince and David Bowie. They alsotalk about right of publicity claims companies could be held liable for based on using someone’s name or likeness for commercial gain.

December 22, 2016

Nasir and Matt discuss the recent incidentat a Victoria’s Secret store where the store manager kicked out all black women after one black woman was caught shoplifting. They then each present dueling steps businesses should take when employees are accused of harassment.

December 8, 2016

Nasir and Matt return to talk about the different types of clients that may have outstanding invoices and how businesses can convert unpaid bills to getting paid.

November 10, 2016

After a long break, Nasir and Matt are back to discuss a Milwaukee frozen custard stand that is now revising it’s English only policy for employees. The guys also discuss how similar policies could be grounds for discrimination and what employers can do to revise their policies.

October 6, 2016

The guys discuss the new California law that allows actors to request the removal of their date of birth and birthdays on their IMDB page and why they think the law won’t last. They also discuss how age discrimination claims arise for business owner.

September 29, 2016

Nasir and Matt discuss the racial discrimination claims surroundingAirbnb and how it’s handled the situation. They also discuss some practical tips for businesses experiencing similar issues.

September 8, 2016

Nasir and Matt discuss whyAmazon seller accounts are getting suspended and banned without notice and how business owners can rectify this situation through a Corrective Action Plan.

August 25, 2016

Nasir and Matt talk about the accusations surroundingfashion giant Zararipping off the designs of independent artists like Tuesday Bassen and howsmaller companies can battle the industry giants.

August 18, 2016

Nasir and Matt discuss Brave Software’s ad replacing technology that has caught the eye of almost every national newspaper and has a potential copyright infringement claim looming. They also welcome digital marketing expert Matt Michaelree to speak on the specifics of what Brave is attempting to do and whether it has the answers moving forward.

July 28, 2016

Nasir and Matt discuss the sexual harassment lawsuit filed by Gretchen Carlson against Fox CEO Roger Ailes. They also talk aboutthe importance of sexual harassment training and properly handling such allegations in the office.

July 15, 2016

Nasir and Matt talk about the changes at Starbucks that have led to many disgruntled employees and customers.

June 23, 2016

Nasir and Matt discuss the criminal charges facing FedExinvolving the alleged transportation of illegal drugs. They also talk about how business owners should address working with customers that may be breaking the law.

June 15, 2016

The guys return after a long break to discuss why Yahoo is auctioning off over 3,000 patents and how this decision will affect the longevity of the company.

May 25, 2016

Nasir and Matt discuss the increase in the salary thresholdfor exempt employees and how employerscan try to avoid paying overtime as a result.

May 18, 2016

Nasir and Matt discuss the Baltimore law that makes it very difficult to operate food trucks in the city. They also discuss all the legal restrictions tohaving a food truck.

May 11, 2016

Matt listens to Nasir recap the developing battle in his hometown of Vandalia, Ohio over whether a Dunkin Donuts can move into a location in close proximity to a local favorite donut shop. They then discusswhether the issue is more legal or personal.

May 9, 2016

The guys kick off the week by discussing a Nevada employee who is claiming she was fired for not supporting the Scientology beliefs of her employer.

April 27, 2016

The guys discuss the massive floods in Houston,how employers responded, and why one meteorologist became a local hero. They also discuss the steps businesses should take in preparing for storms outside the workplace.

April 20, 2016

The guys discuss the boycott of Amazon over the products of an unnamed presidential candidate. They also talkabout how a business should handle a boycott and whether it’s possible to exit one unscathed.

April 13, 2016

Click here to read HubSpot’s response on this topic. Nasir and Matt discuss the trend in startups to compensate programmers and other early employees with stock options and how the company culture at HubSpot isn’t what it seems.

April 6, 2016

Nasir and Matt discuss various lawsuits against social media platforms in which users are accused of artificially inflating their social currency.

March 30, 2016

Nasir and Matt discuss the class action suit against Jessica Alba’s Honest Company for allegedlyselling products that contained harmful chemicals.

March 23, 2016

Nasir and Matt talk about the story out of Texas that Mexican restaurants were reportedly attempting to ban Trump supporters from eating at their restaurants.

We represent businesses.
That’s all we do.

Oh, and we love it.

We love our work. We love reviewing that lease for your new location. We thrive on closing that acquisition that nearly fell through. We’re fulfilled when we structure a business to grow, raise capital, and be legally protected.

We focus on developing close relationships with our clients by being like business partners. A partner who provides essential, personalized, proactive legal support.

We do all of this without utilizing the traditional billable hour model. You pay for the value we bring, not the time spent on calls, emails, and meetings.

Our team is made up of attorneys and staff that share these values and we are retained by clients who want the same.

Pasha Law PC operates in the states of California, Illinois, New York, and Texas.

Meet Our Team

Fractional General Counsel Services

Pasha Law Select offers the expertise of a high-end general counsel legal team for every aspect of your business at a fixed monthly rate. Pasha Law Select is deliberately designed to allow our legal team to be proactive, to anticipate, and to be comprehensive in serving our clients. To be great lawyers, we need to know our clients. We can’t know our clients unless we represent a select number of clients in the long-term. This is Pasha Law Select.

Learn More