Bill Text: TX HB3746 | 2021-2022 | 87th Legislature | Enrolled
Bill Title: Relating to certain notifications required following a breach of security of computerized data.
Spectrum: Partisan Bill (Republican 2-0)
Status: (Passed) 2021-06-14 - Effective on 9/1/21 [HB3746 Detail]
Download: Texas-2021-HB3746-Enrolled.html
H.B. No. 3746 |
|
||
relating to certain notifications required following a breach of | ||
security of computerized data. | ||
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
SECTION 1. Section 521.053, Business & Commerce Code, is | ||
amended by amending Subsection (i) and adding Subsection (j) to | ||
read as follows: | ||
(i) A person who is required to disclose or provide | ||
notification of a breach of system security under this section | ||
shall notify the attorney general of that breach not later than the | ||
60th day after the date on which the person determines that the | ||
breach occurred if the breach involves at least 250 residents of | ||
this state. The notification under this subsection must include: | ||
(1) a detailed description of the nature and | ||
circumstances of the breach or the use of sensitive personal | ||
information acquired as a result of the breach; | ||
(2) the number of residents of this state affected by | ||
the breach at the time of notification; | ||
(3) the number of affected residents that have been | ||
sent a disclosure of the breach by mail or other direct method of | ||
communication at the time of notification; | ||
(4) the measures taken by the person regarding the | ||
breach; | ||
(5) [ |
||
regarding the breach after the notification under this subsection; | ||
and | ||
(6) [ |
||
enforcement is engaged in investigating the breach. | ||
(j) The attorney general shall post on the attorney | ||
general's publicly accessible Internet website a listing of the | ||
notifications received by the attorney general under Subsection | ||
(i), excluding any sensitive personal information that may have | ||
been reported to the attorney general under that subsection, any | ||
information that may compromise a data system's security, and any | ||
other information reported to the attorney general that is made | ||
confidential by law. The attorney general shall: | ||
(1) update the listing not later than the 30th day | ||
after the date the attorney general receives notification of a new | ||
breach of system security; | ||
(2) remove a notification from the listing not later | ||
than the first anniversary of the date the attorney general added | ||
the notification to the listing if the person who provided the | ||
notification has not notified the attorney general of any | ||
additional breaches under Subsection (i) during that period; and | ||
(3) maintain only the most recently updated listing on | ||
the attorney general's website. | ||
SECTION 2. This Act takes effect September 1, 2021. | ||
______________________________ | ______________________________ | |
President of the Senate | Speaker of the House | |
I certify that H.B. No. 3746 was passed by the House on April | ||
29, 2021, by the following vote: Yeas 145, Nays 0, 1 present, not | ||
voting. | ||
______________________________ | ||
Chief Clerk of the House | ||
I certify that H.B. No. 3746 was passed by the Senate on May | ||
26, 2021, by the following vote: Yeas 31, Nays 0. | ||
______________________________ | ||
Secretary of the Senate | ||
APPROVED: _____________________ | ||
Date | ||
_____________________ | ||
Governor |