July 23, 2021

Volume XI, Number 204

Advertisement

July 23, 2021

Subscribe to Latest Legal News and Analysis

July 22, 2021

Subscribe to Latest Legal News and Analysis

July 21, 2021

Subscribe to Latest Legal News and Analysis

Adding Insult to Injury - Texas Creates Cyber Wall of Shame

This week Texas Governor Greg Abbott signed into law HB 3746, which amends the state’s data breach notification statute. Following states like Maine, California, and Washington, HB 3746 requires the Texas Attorney General (AG) to publish a public record on its website of data breaches affecting state residents. What might be considered Texas’ “wall of shame” law follows a growing trend of states strengthening existing privacy laws aimed at protecting consumers.

HB 3746, which was unanimously passed by the Texas Legislature, makes two main changes to Texas’ current breach notification statute. First, the Texas AG will be required to publish on its public-facing website any data breaches that have affected 250 or more Texas residents. The reported incident will remain on the AG’s website for one year. If the reporting entity does not face any new security lapses which require reporting to the Texas AG for the duration of that year, the posting will be removed.

Second, HB 3746 adds an additional content requirement for notifying the Texas AG of a data breach. Entities reporting a data breach are now required to provide the number of Texas residents who were sent a notice, in addition to the other requirements already in the statute:

  • a detailed description of the nature and circumstances of the breach or the use of sensitive personal information acquired as a result of the breach;

  • the number of Texas residents affected by the breach at the time of notification;

  • the measures taken by the Entity regarding the breach;

  • any measures the Entity intends to take regarding the breach after notification; and

  • information regarding whether law enforcement is investigating the breach.

Companies that maintain sensitive personal information of Texas residents should review their incident response plans and make all necessary updates and adjustments to ensure compliance with HB 3746 by September 1, 2021. While it remains to be seen whether the passage of HB 3746 signals the Texas Legislature’s appetite for more comprehensive privacy legislation in the future, Bracewell is continuing to monitor privacy legislation developments across the country. Companies are advised to keep data privacy and cybersecurity at the forefront of their business priorities for the foreseeable future—as noncompliance could prove costly.

© 2021 Bracewell LLPNational Law Review, Volume XI, Number 167
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Philip Bezanson, white collar criminal defense, securities, attorney, Bracewell
Managing Partner, Seattle

Philip J. Bezanson's practice focuses on white collar criminal defense, internal investigations, securities enforcement and regulatory matters.

Mr. Bezanson is a member of the Bracewell & Giuliani LLP team that has represented corporate and individual clients in recent high-profile and complex cases, including the Deepwater Horizon explosion, the George Washington Bridge lane closure and General Motors ignition switch investigations, "Pay to Play" cases in New York, New Mexico and Illinois, the stock options backdating cases, and a variety...

212-508-6138
Brittney Justice Litigation Attorney Bracewell
Associate

Brittney Justice represents clients across a range of industries in litigation and government enforcement and investigations in federal and state courts. She provides advice on diverse matters, including securities litigation, complex commercial disputes, environmental claims and government investigations. 

Prior to joining Bracewell, Brittney was a legal intern with Texas’ First Court of Appeals.

202.828.1744
Advertisement
Advertisement