July 22, 2019

July 22, 2019

Subscribe to Latest Legal News and Analysis

Texas Legislature Weighing Proposed New Privacy Laws

Recently, legislators in Texas introduced two bills relating to consumer privacy and data protection: H.B. No. 4518, the Texas Consumer Privacy Act (“Texas CPA”) and H.B. No. 4390, the Texas Privacy Protection Act (“TPPA”). These bills bear a strong resemblance to the California Consumer Privacy Act (the “California CPA”), and would lay the groundwork for extensive administrative schemes protecting consumers’ rights to their personal information.

Texas CPA

The Texas CPA bears strong similarity to California CPA. The Texas CPA, which, if adopted, would take effect September 1, 2020, applies to companies that do business and collect consumer data and:

  • Derive at least 50% of their annual revenue selling consumers’ personal information; or

  • Exceed $25 million in gross annual revenue (with that amount subject to adjustment by the Texas Attorney General every two years); or

  • Buy, sell, or receive the personal information of at least 50,000 consumers, households, or devices for commercial purposes

  • The Texas CPA would also apply to entities owned by companies that would be subject to the law. Similar to the California CPA, the Texas CPA contains express provisions governing rulemaking, implementation, and enforcement of the law. Notably, the legislation highlights various consumer rights, including (but not limited to):

  • A consumer’s right to disclosure, from the business, of the personal information the business collected.

  • A consumer’s right to deletion of the personal information that the business collected (with some limited, specific exceptions).

  • A consumer’s right to opt out of the sale of his or her personal information.

TPPA

The TPPA, which (if passed) would go into effect September 1, 2019, proposes regulations on how a business processes and retains (or destroys) personal identifying information. It covers nearly identical businesses as the Texas CPA, provides the Texas Attorney General with similar rulemaking and enforcement powers, and it requires a similar disclosure of the type of personal information a business collects/processes, as well as how that information is used. Notably, this disclosure must be made before the business collects the information.

Other notable aspects of the proposed legislation include:

  • The Texas CPA would punish violations of the law with civil penalties of $2,500 per violation ($7,500 for intentional violations).

  • The bill applies only to information collected electronically (including over the internet or another network) or through a computing device associated with or routinely used by a customer/user and linked (or reasonably linked) to a specific customer/user.

  • The business must obtain the customer’s explicit consent for processing that customer’s personal identifying information.

  • The bill requires a business to develop and implement a data security program and accountability program to ensure compliance with the TPPA.

  • The bill also only allows a business to process a customer’s personal identifying information if it is required to do so by law.

Like the Texas CPA, the TPPA would provide for civil penalties for violations. However, violations of the TPPA would be punishable by a fine of $10,000 per violation, up to a maximum amount of $1 million.

Copyright © by Ballard Spahr LLP

TRENDING LEGAL ANALYSIS


About this Author

Justin Shiroff, Ballard Spahr Law Firm, Las Vegas, Commercial Litigation and Healthcare Law Attorney
Associate

Justin A. Shiroff’s practice is concentrated in commercial litigation (with an emphasis on consumer financial services litigation), as well as healthcare law and data privacy/cybersecurity. His experience also extends to disputes involving employment law. Mr. Shiroff has represented a range of clients that include information security providers, banks and other lending institutions, hospitals and gaming companies/resorts. In addition to his commercial litigation practice, in the health care services field, he has assisted clients in a variety of issues including...

702-868-7527
Joel Tasca financial institutions lawyer,  consumer class action attorney Ballard Spahr
Partner

Joel E. Tasca has defended banks and other financial institutions in consumer class and individual actions for over twenty years. These cases have arisen out of residential mortgage loans, credit card accounts, and an array of other consumer financial services.  Many of these suits have been brought under federal consumer protection laws such as the Fair Credit Reporting Act, the Telephone Consumer Protection Act, the Truth in Lending Act, and the Real Estate Settlement Procedures Act, as well as under state unfair, deceptive, or abusive acts and practices statutes.

Litigation against banks and other financial institutions is more prevalent than ever.  Consumer plaintiffs' attorneys have sprouted like weeds, and many have devoted themselves to an ongoing search for vulnerabilities in the business practices of financial institutions. This trend is set to increase in the future as rapid advancements in technology and an exponential increase in available consumer data usher in changes to financial institutions' business practices, and cause plaintiffs' attorneys to ponder new theories of potential liability.

In this environment, it is critical for financial institutions' outside litigation counsel to have the vision to identify vulnerable business practices up front so that clients can take action to minimize risks and avoid litigation altogether. When litigation does occur, outside counsel must approach each case with flexibility to reach fast and efficient resolution when stakes are low, and scale up to fight aggressively when stakes are high or when a message must be sent to plaintiffs and their counsel.

Areas of Practice include: 

  • Litigation. 
  • Privacy & data security. 
  • Class action litigation. 
  • Consumer financial services. 
  • Mortgage banking. 
  • Virtual currency. 
215-864-8188