Bill Text: TX HB3746 | 2021-2022 | 87th Legislature | Engrossed
NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: Relating to certain notifications required following a breach of security of computerized data.
Spectrum: Partisan Bill (Republican 2-0)
Status: (Passed) 2021-06-14 - Effective on 9/1/21 [HB3746 Detail]
Download: Texas-2021-HB3746-Engrossed.html
Bill Title: Relating to certain notifications required following a breach of security of computerized data.
Spectrum: Partisan Bill (Republican 2-0)
Status: (Passed) 2021-06-14 - Effective on 9/1/21 [HB3746 Detail]
Download: Texas-2021-HB3746-Engrossed.html
| By: Capriglione | H.B. No. 3746 | |
|
|
||
|
|
||
| relating to certain notifications required following a breach of | ||
| security of computerized data. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. Section 521.053, Business & Commerce Code, is | ||
| amended by amending Subsection (i) and adding Subsection (j) to | ||
| read as follows: | ||
| (i) A person who is required to disclose or provide | ||
| notification of a breach of system security under this section | ||
| shall notify the attorney general of that breach not later than the | ||
| 60th day after the date on which the person determines that the | ||
| breach occurred if the breach involves at least 250 residents of | ||
| this state. The notification under this subsection must include: | ||
| (1) a detailed description of the nature and | ||
| circumstances of the breach or the use of sensitive personal | ||
| information acquired as a result of the breach; | ||
| (2) the number of residents of this state affected by | ||
| the breach at the time of notification; | ||
| (3) the number of affected residents that have been | ||
| sent a disclosure of the breach by mail or other direct method of | ||
| communication at the time of notification; | ||
| (4) the measures taken by the person regarding the | ||
| breach; | ||
| (5) [ |
||
| regarding the breach after the notification under this subsection; | ||
| and | ||
| (6) [ |
||
| enforcement is engaged in investigating the breach. | ||
| (j) The attorney general shall post on the attorney | ||
| general's publicly accessible Internet website a listing of the | ||
| notifications received by the attorney general under Subsection | ||
| (i), excluding any sensitive personal information that may have | ||
| been reported to the attorney general under that subsection, any | ||
| information that may compromise a data system's security, and any | ||
| other information reported to the attorney general that is made | ||
| confidential by law. The attorney general shall: | ||
| (1) update the listing not later than the 30th day | ||
| after the date the attorney general receives notification of a new | ||
| breach of system security; | ||
| (2) remove a notification from the listing not later | ||
| than the first anniversary of the date the attorney general added | ||
| the notification to the listing if the person who provided the | ||
| notification has not notified the attorney general of any | ||
| additional breaches under Subsection (i) during that period; and | ||
| (3) maintain only the most recently updated listing on | ||
| the attorney general's website. | ||
| SECTION 2. This Act takes effect September 1, 2021. | ||
