Register
Log Out Show Menu
MenuSearch
X

Texas Senate passes data security bill

Posted: May 23, 2019 | Author:

HB 4390 by Rep. Giovanni Capriglione (R-Southlake) and Sen. Jane Nelson (R-Flower Mound) passed the Texas Senate on May 22 by a vote of 30–1.

The bill strengthens notification requirements of a security breach; creates the Texas Privacy Protection Advisory Council to study data privacy laws; and requires disclosures of system security breaches to the affected individuals and to the attorney general.

The Texas Credit Union Association has been working with the author on the bill, emphasizing that credit unions are heavily regulated under federal law and subject to the Gramm, Leach, Bliley Act, setting out detailed procedures that financial institutions are subject to regarding data protection, as well as examination by regulators, unlike most other businesses.

The bill requires disclosures of data system security breaches in which an individual's sensitive personal information was, or was reasonably believed to be, acquired by an unauthorized person, to be made without unreasonable delay, and in each case not later than the 60th day after the date on which it was determined that the breach occurred.

The bill also requires the person or entity who owned or licensed the data, including the sensitive personal information, to notify the attorney general if the breach involved 250 or more state residents. This notification would include:

  • A detailed description of the nature and circumstances of the breach or the use of sensitive information acquired as a result;
  • The number of Texas residents affected;
  • Measures taken by the person or entity regarding the breach;
  • Any measures that the person or entity intended to take regarding the breach after the notification; and
  • Information on whether law enforcement was engaged in investigating the breach.

The Texas Privacy Protection Advisory Council would be composed of five members of the House of Representatives appointed by the House speaker, five senators appointed by the lieutenant governor, and five members of relevant industries appointed by the governor.

Of the appointees named by the governor, three will be selected from 13 general industry categories, one of which is “consumer banking.” For the other two appointees, one must be a law professor who has published scholarly works on data privacy, and the other must be from a nonprofit organization that studies data privacy laws. The Council will provide a report to the Texas Legislature with recommendations by Sept. 1, 2020.

HB 4390 now goes to the governor’s desk.

Contact Jeff Huffman, Texas Credit Union Association, at 469-385-6488 or jhuffman@txcua.coop for more information.

Subscribe

Sign up to the receive the weekly Leaguer email. Existing subscribers can manage their subscription.

Share Your Stories

Have a story you'd like to see in the Leaguer? Be sure to share it with us.

New Podcast

Cornerstone League Podcast

Now available on  Spotify and Apple Podcasts.

Perspectives Magazine

Perspectives Vol 19 Issue 1

Read the latest issue.