Texas Privacy Protection Act sets data breach requirements for businesses; establishes advisory council

HB 4390 would require any business that experiences a data breach to notify any one whose sensitive personal information was affected by the breach "without unreasonable delay" and not later than 60 days after the breach occurred. If the breach affected at least 250 Texas residents, the attorney general would have to be notified of the breach.

The bill also creates the Texas Privacy Protection Advisory Council to study and evaluate the laws in Texas, other states, and relevant foreign jurisdictions that govern the privacy and protection of information. Before the next legislative session, the council is to make recommendations to the legislature on specific statutory changes regarding the privacy and protection of that information, based on results of the council's study.

HB 4390 was approved by the House Business and Industry Committee on April 24. 

Contact Jeff Huffman at 469-385-6488 or jhuffman@txcua.coop for more information.