The Texas Legislature, which meets each different yr, pushed a change to its information breach notification regulation on the finish of the session in late Might, and yesterday Governor Greg Abbott signed the invoice into regulation. It follows a rising development of modifications to privateness and cybersecurity legal guidelines on the state stage.
Texas House Bill 3746 will amend Texas Enterprise and Commerce Code § 521.053, which requires notifications to people and the Texas Legal professional Common following sure information breaches. The modification provides a requirement for the Texas Legal professional Common to publish on its web site an inventory of information breach notifications acquired, when a breach entails 250 or extra Texas residents. California has an identical requirement, though it’s for breaches affecting 500 or extra residents.
Particularly, the Texas modification would require the Texas Legal professional Common to:
Put up on the Legal professional Common’s public web site an inventory of notifications acquired, excluding any delicate private data, any data which will compromise a knowledge system’s safety, and another data reported to the Legal professional Common that’s made confidential by regulation;
Keep an up to date itemizing on the web site, and replace the record no later than each 30 days; and
Take away information no later than one yr following the date it was added, until the entity notified the Legal professional Common of extra incidents.
The modification additionally now requires that entities reporting a breach to the Texas Legal professional Common present the variety of Texas residents receiving notification of the breach, along with the present necessities of:
An in depth description of the character and circumstances of the breach or the usage of delicate private data acquired because of the breach;
The variety of residents affected by the breach;
The measures taken by the individual relating to the breach and any measures the individual intends to take relating to the breach after notification; and
Data relating to whether or not regulation enforcement is engaged in investigating the breach.
The Texas modification might point out a rising development in the direction of elevated data sharing in an effort to forestall future information breaches. On the federal stage, the U.S. Cybersecurity and Infrastructure Safety Company (CISA) has carried out a number of packages prior to now yr to advertise data sharing and consciousness. “Data sharing is important to the safety of important infrastructure and to furthering cybersecurity for the nation. Because the lead federal division for the safety of important infrastructure and the furthering of cybersecurity, the CISA has developed and carried out quite a few information-sharing packages. By way of these packages, CISA develops partnerships and shares substantive data with the personal sector, which owns and operates nearly all of the nation’s important infrastructure. CISA additionally shares data with state, native, tribal, and territorial governments and with worldwide companions, as cybersecurity menace actors should not constrained by geographic boundaries”, CISA states. Extra data on CISA data sharing and consciousness packages is offered here.
The up to date Texas regulation will take impact September 1, 2021. With no scarcity of large-scale breaches and heightened public consciousness throughout the nation, organizations no matter jurisdiction are suggested to guage and improve their information breach prevention and response capabilities.
Jackson Lewis P.C. © 2021Nationwide Regulation Overview, Quantity XI, Quantity 166