Protecting Privacy in Texas: What Is the Texas Data Privacy & Security Act (TDPSA) and What Strategies Ensure Compliance

Texas passed the Data Privacy and Security Act on May 28th, 2023 to ensure privacy and safety for its citizens. Once approved by the governor, it will go into effect on July 1st, 2024, reinforcing Texas’s commitment to strict privacy standards and data security. Texas joins only five other states that have taken such measures in 2023. This legislation adds to Texans’ confidence in their government’s commitment to protecting their personal information and sets a standard for other states to follow.

Who needs to be TDPSA compliant?
With the Texas Data Privacy and Security Act (TDPSA) in place, businesses can have confidence in knowing that they are able to provide top-notch protection to their clients’ personal information. The comprehensive set of guidelines applies to a variety of businesses, encouraging them to collect, use, or share personal data with the utmost care. TDPSA is a must for any company doing business in Texas, offering products or services to Texas residents, or collecting personal information from Texas individuals. Businesses can breathe easier knowing that small companies are exempt from the Act as long as they don’t sell sensitive information without explicit consent. TDPSA only considers sensitive information such as name, address, social security number, financial account details, and biometric data, so businesses can be sure to be in compliance. With the TDPSA as a vital tool, businesses can feel confident they are in compliance and avoid any legal penalties, including hefty fines and legal actions from the Texas Attorney General’s Office; in turn, they can guarantee the safety and privacy of Texans’ personal information.

Strategies to be TDPSA compliant
You’ve got this! Following these important steps will ensure that your company is compliant with rules and regulations regarding personal information.

  1. Take a thorough inventory of all the personal information you possess about people in Texas and determine why you have it.
  2. Craft a concise and transparent policy that details how you collect, use, and share personal information with your clients. This will ensure that everyone knows what to expect from your company when it comes to their privacy.
  3. Be proactive in examining your system for potential threats that could compromise personal information. Act immediately to resolve any issues that arise.
  4. Respect your clients’ privacy by giving them the power to access, modify, and delete their personal information at their discretion.
  5. Safeguard personal information with top-notch security measures and stay on the lookout for any weaknesses in your system.
  6. If the worst happens and personal information is lost or stolen, take the necessary steps to inform those affected and have a plan in place to address the situation. Confronting these challenges with confidence will ensure that you remain in compliance and keep your clients safe.

Texan residents’ rights over their personal data
Texans should feel confident in their rights when it comes to their personal information. Not only can businesses collect their information, but they are also required to disclose what information they have, provide copies upon request, and delete it upon request. Texans have the power to refuse the sale of their information and make corrections if needed. Additionally, businesses are obligated to notify individuals if their information is compromised and must deal with any complaints in a timely manner within 45 days. Extensions are understandable, but overall, Texans have every reason to feel confident in their personal information rights and the enforcement of policies surrounding it.

Failure to comply with TDPSA
The Texas Attorney General’s Office holds the exclusive power to enforce Texas’s TDPSA. They have the ability to investigate complaints and violations, and legally prosecute businesses that do not adhere to the law. A maximum fine of $7,500 for each violation can be imposed by the Attorney General. The TDPSA grants a 30-day opportunity to rectify any breaches, following receipt of written notice from the Attorney General. This right will not expire and will be a permanent feature of the law. A private right of action is not incorporated into the law.

How ColtBlue can help with TDPSA Compliance
ColtBlue is the ultimate solution for organisations that want to be prepared for the Texas Data Privacy and Security Act (TDPSA). ColtBlue’s automated privacy management platform provides cutting-edge privacy management services that will help you comply with this new law. Here are some of the ways ColtBlue can help you:

  1. Find Your Data: ColtBlue can easily identify any personal data that falls under TDPSA regulations.
  2. Automate Requests: ColtBlue can automate data deletion, correction, and access requests by providing a centralised dashboard. No more manual tracking and reporting.
  3. Minimise and Retain Data: ColtBlue can identify unnecessary or excessive data and help set retention periods and data management policies for disposal.
  4. Implement Automated Protection Controls: ColtBlue can help you implement technical and organisational safeguards to protect your data.
  5. Assess Risk with PIA Assessments: ColtBlue can offer automated privacy impact assessments to identify potential risks to your organisation.
  6. Data Breach Readiness and Response: ColtBlue can detect and investigate data breaches, and notify relevant authorities and data subjects on time. With ColtBlue, your privacy and security are in good hands.
