On March 31, 2021, the Texas legislature passed House Bill 3746 (HB 3746), an update to the state’s breach notification statute. HB 3746 is expected to be signed into law by the Texas governor and become effective on September 1, 2021. The bill makes two primary changes to Texas’ current breach notification statute.
First, the updated breach notification statute will require the Texas attorney general’s office to begin posting on its website “a listing of the notifications” it receives when a breach affects at least 250 Texas residents. The amended statute does not describe what “listing” must be posted; however, the statute prohibits the posting of “any information that may compromise a [business’] data system’s security,” or anything that includes sensitive personal information or is considered confidential under the law.
Unlike similar posting requirements under the laws of other states (California, Massachusetts, etc.), the Texas law provides for a take-down for what might be considered good behavior. If the business does not notify the Texas AG of an additional data breach within the subsequent twelve months, the online posting for that business is to be taken down. In addition, the Texas statute only contemplates publication of one breach – the most recent one. The one-year time period for the listing restarts when each new listing is posted.
Continue Reading Texas legislature updates state data breach notification law to provide for online posting of certain data breaches