Privacy & Information Security Law Blog

On May 10, 2023, the Texas Senate passed H.B. 4, also known as the Texas Data Privacy and Security Act (“TDPSA”). The TDPSA now heads to a conference committee between the Texas Senate and House to rectify the differences between the Senate and House versions. If the TDPSA is signed into law, Texas could become the tenth state to enact comprehensive privacy legislation.

In addition to the provisions of H.B. 1844, the TDPSA:

• Revises the definition of personal data to include pseudonymous data only when the data is used by a controller or a processor in conjunction with additional information that reasonably links the data to an identified or an identifiable individual;
• Adds a requirement that if a controller sells sensitive or biometric data, the controller must disclose that fact in its privacy policy;
• Requires small businesses, as defined by the United States Small Business Administration, to receive consent from consumers before selling consumers’ sensitive data;
• Directs the Texas Attorney General to provide (1) information outlining consumer rights and the responsibilities of controllers and processors under the TDPSA, and (2) an Internet mechanism for submitting consumer complaints; and
• Introduces prescriptive requirements for curing a violation.

Update: On June 18, 2023, Governor Greg Abbott signed House Bill 4 into law, making Texas the eleventh state to enact a comprehensive privacy law. Most of the provisions of the TDPSA will take effect on July 1, 2024. Certain provisions regarding submitting requests via authorized agents will take effect on January 1, 2025.