Texas has joined Arkansas and Utah as the third state to impose requirements on social media accounts for those under 18. Namely, with the Securing Children Online through Parental Empowerment Act (“SCOPE Act”), Texas will place requirements on “digital service providers.” The law goes into effect September 1, 2024. It does not provide for a private right of action. Instead, enforcement will be by the Texas attorney general.Continue Reading Texas’ SCOPE Act Puts Focus on Social Media and Minors
Texas Amends Data Breach Notification Law, Updates Effective September 1
Texas recently enacted an amendment to its data breach notification law. As of September 1, 2023, there are two changes to the requirements when notifying the Texas Attorney General. In Texas, breaches of 250 residents or more must be reported to the Attorney General. Now, as amended, this will need to be done so as soon as practicable, and not later than 30 days from determination of the breach (previously, it was 60 days). Texas joins Colorado, Florida, and Washington in requiring notice within a 30-day time frame. Notification in Texas must also be submitted electronically using a form on the AG’s website.Continue Reading Texas Amends Data Breach Notification Law, Updates Effective September 1
The Comprehensive Privacy Law Deluge: Approaching Notice Obligations
When thinking about privacy notice obligations, companies often -incorrectly- leap to the wording in their privacy policies. The new comprehensive state privacy laws are a reminder that notice obligations are a bit broader than mere privacy policies. To the extent that these laws apply to your organization (see our prior applicability post) there are some notice-related obligations to keep in mind.Continue Reading The Comprehensive Privacy Law Deluge: Approaching Notice Obligations
The Comprehensive Privacy Law Deluge: Updating Vendor Contracts
Of the many worries on privacy compliance teams’ lists as we face the onslaught of state “general” privacy laws are the impacts they have on vendor contracts. Fortunately for those who have already had to deal with contracts with vendors (service providers, processors) in California or EU’s GDPR, the impact should be fairly minimal.Continue Reading The Comprehensive Privacy Law Deluge: Updating Vendor Contracts
The Comprehensive Privacy Law Deluge: What to Do About “Profiling”
With a little less than a week before the next US state “comprehensive” privacy laws (Colorado and Connecticut) go into effect, many are reviewing existing practices. One that keeps coming up is the concept of “profiling.” As a reminder, we now have 11 states with comprehensive privacy laws: California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Tennessee, Texas, Utah, and Virginia.Continue Reading The Comprehensive Privacy Law Deluge: What to Do About “Profiling”
The Lone Star State Joins the Privacy Law Deluge: Another Governor Signs
Texas has now become the 11th state, following Florida, to have a “comprehensive” privacy law. HB 4 was signed by the governor on June 18, 2023. This caps off a busy spring for state lawmakers not only in Texas, but Florida, Iowa, Indiana, Tennessee, and Montana. The law goes into effect on July 1, 2024 (the ability for agents to submit rights requests is not effective until January 1, 2025 however). For a round-up of state laws’ effective dates, visit here.Continue Reading The Lone Star State Joins the Privacy Law Deluge: Another Governor Signs
Texas Breach Notification Law Amended, Changes Effective September 1, 2021
Texas’s data breach notification law was recently amended to require the state’s Attorney General to post notice of data breaches on a public website within 30 days of receiving notice of the data breach. It also requires companies to provide the AG with more information when notifying the AG of a breach.
Continue Reading Texas Breach Notification Law Amended, Changes Effective September 1, 2021