The Texas Legislature followed what California and Maine had done in approving a bill requiring the Texas Attorney General to publish notices regarding personal data breaches that affect state residents on the public-facing web portal of the state Attorney General.
The amendment of the Texas Business and Commerce Code § 521.053, now known as House Bill 3746, got a unanimous approval. The bill requires the Texas Attorney General to publish data breach incidents that have affected a minimum of 250 Texas locals. The web portal should be refreshed with breach reports received every 30 days.
A published report of a company on the website must remain published for one year. The posting can be removed when the person or firm didn’t experience any other data breaches affecting a minimum of 250 Texas locals in that one-year time period.
According to Texas laws, within 60 days of learning about a breach, a breach notification needs to be submitted to the state Attorney General. The breach notification must give a complete description of the nature of the breach, a narrative of how it happened, and information of whether sensitive data was taken as a result of the breach. The notices should tell the number of individuals acknowledged to have been affected by the breach when the breach report is submitted to the State Attorney General. It is additionally required to state the specific actions undertaken in response to the breach, actions that will be carried out related to the breach, and whether the police is involved during the breach investigation.
The law upgrades present data breach notification requirements to also warrant the Attorney General to be informed how many Texas residents received breach notification by mail or other direct way of information in the period of issuance of the breach notification to the Texas Attorney General.
The law is currently awaiting Texas Governor Greg Abbott’s signature. After getting the signature, the bill will be effective beginning September 1, 2021.