What the Texas Data Privacy and Security Act Means for Texas Businesses
The Texas Data Privacy and Security Act (TDPSA) took effect on July 1, 2024, and it is now actively enforced. The law establishes clear consumer privacy rights and requires businesses to be more transparent, secure, and accountable in how they handle personal data.
Why the TDPSA Matters
Regulates how personal data is collected, used, and protected, not just breaches
Applies to many businesses without a revenue threshold
Aligns Texas with other major state privacy laws
Enforcement activity is already underway
Regulates how personal data is collected, used, and protected, not just breaches
Applies to many businesses without a revenue threshold
Aligns Texas with other major state privacy laws
Enforcement activity is already underway
Who Must Comply
The TDPSA generally applies to organizations that:
Do business in Texas or
Provide products or services to Texas residents and
Collect, use, share, or process personal data
Some exemptions apply, but many mid-sized businesses are covered.
Consumer Rights Under the TDPSA
Texas residents now have the right to:
Know what personal data is collected and why
Access and obtain a copy of their data
Correct inaccurate personal data
Request deletion of personal data
Opt out of targeted advertising, data sales, and certain profiling
As of January 1, 2025, consumers may use an authorized agent to submit opt-out requests.
Business Obligations (At a Glance)
Businesses subject to the TDPSA must:
Publish a clear and accurate privacy notice
Collect only data that is necessary and relevant
Obtain affirmative consent for sensitive personal data
Implement reasonable administrative, technical, and physical security safeguards
Provide a process to respond to consumer requests within required timeframes
Maintain proper data processing agreements with vendors
Enforcement and Penalties
Enforced exclusively by the Texas Attorney General
No private lawsuits under the TDPSA
30-day cure period may apply
Civil penalties can reach up to $7,500 per violation
Enforced exclusively by the Texas Attorney General
No private lawsuits under the TDPSA
30-day cure period may apply
Civil penalties can reach up to $7,500 per violation
Practical Compliance Steps
To reduce risk, Texas businesses should:
Inventory the personal data they collect and store
Review and update privacy and security policies
Strengthen cybersecurity controls (access, backups, monitoring)
Train employees on data handling and privacy requests
Confirm vendors meet security and privacy obligations
Final Takeaway
The TDPSA makes data privacy a core business responsibility in Texas. Organizations that take a proactive, operational approach to privacy and security will be better positioned to avoid enforcement issues and build customer trust.
Disclosure
This article is for informational purposes only and does not constitute legal advice.
Consult qualified legal counsel for guidance specific to your business and industry.
Need help aligning your IT and security practices with Texas privacy requirements?
Visit www.bitxbit.com or call 877.860.5831 to start the conversation.
Sources & References
Texas Office of the Attorney General – Texas Data Privacy and Security Act (TDPSA)
https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint/consumer-privacy-rights/texas-data-privacy-and-security-act
Texas Business & Commerce Code, Chapter 541 – Texas Data Privacy and Security Act
https://statutes.capitol.texas.gov/Docs/BC/htm/BC.541.htm
Texas State Law Library – Overview of the Texas Data Privacy and Security Act
https://www.sll.texas.gov/spotlight/2024/07/texas-data-privacy-and-security-act/
Fisher Phillips – FAQs for Businesses on the Texas Data Privacy Law
https://www.fisherphillips.com/en/news-insights/faqs-businesses-texas-data-privacy-law.html
TrustArc – Texas Data Privacy and Security Act Compliance Summary
https://trustarc.com/regulations/texas-tdpsa/
Didomi – TDPSA Requirements and Sensitive Data Consent
https://www.didomi.io/blog/texas-data-privacy-law-tdpsa-everything-you-need-to-know-didomi
Ketch – Business Compliance Obligations Under the TDPSA
https://www.ketch.com/regulatory-compliance/texas-data-privacy-security-act-tdpsa
Texas Office of the Attorney General – Texas Data Privacy and Security Act (TDPSA)
https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint/consumer-privacy-rights/texas-data-privacy-and-security-act
Texas Business & Commerce Code, Chapter 541 – Texas Data Privacy and Security Act
https://statutes.capitol.texas.gov/Docs/BC/htm/BC.541.htm
Texas State Law Library – Overview of the Texas Data Privacy and Security Act
https://www.sll.texas.gov/spotlight/2024/07/texas-data-privacy-and-security-act/
Fisher Phillips – FAQs for Businesses on the Texas Data Privacy Law
https://www.fisherphillips.com/en/news-insights/faqs-businesses-texas-data-privacy-law.html
TrustArc – Texas Data Privacy and Security Act Compliance Summary
https://trustarc.com/regulations/texas-tdpsa/
Didomi – TDPSA Requirements and Sensitive Data Consent
https://www.didomi.io/blog/texas-data-privacy-law-tdpsa-everything-you-need-to-know-didomi
Ketch – Business Compliance Obligations Under the TDPSA
https://www.ketch.com/regulatory-compliance/texas-data-privacy-security-act-tdpsa
Disclaimer
Sources are provided for general informational purposes only and do not constitute legal advice.
No comments:
Post a Comment