Bill Text: TX HB3746 | 2021-2022 | 87th Legislature | Engrossed
NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: Relating to certain notifications required following a breach of security of computerized data.
Spectrum: Partisan Bill (Republican 2-0)
Status: (Passed) 2021-06-14 - Effective on 9/1/21 [HB3746 Detail]
Download: Texas-2021-HB3746-Engrossed.html
Bill Title: Relating to certain notifications required following a breach of security of computerized data.
Spectrum: Partisan Bill (Republican 2-0)
Status: (Passed) 2021-06-14 - Effective on 9/1/21 [HB3746 Detail]
Download: Texas-2021-HB3746-Engrossed.html
By: Capriglione | H.B. No. 3746 |
|
||
|
||
relating to certain notifications required following a breach of | ||
security of computerized data. | ||
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
SECTION 1. Section 521.053, Business & Commerce Code, is | ||
amended by amending Subsection (i) and adding Subsection (j) to | ||
read as follows: | ||
(i) A person who is required to disclose or provide | ||
notification of a breach of system security under this section | ||
shall notify the attorney general of that breach not later than the | ||
60th day after the date on which the person determines that the | ||
breach occurred if the breach involves at least 250 residents of | ||
this state. The notification under this subsection must include: | ||
(1) a detailed description of the nature and | ||
circumstances of the breach or the use of sensitive personal | ||
information acquired as a result of the breach; | ||
(2) the number of residents of this state affected by | ||
the breach at the time of notification; | ||
(3) the number of affected residents that have been | ||
sent a disclosure of the breach by mail or other direct method of | ||
communication at the time of notification; | ||
(4) the measures taken by the person regarding the | ||
breach; | ||
(5) [ |
||
regarding the breach after the notification under this subsection; | ||
and | ||
(6) [ |
||
enforcement is engaged in investigating the breach. | ||
(j) The attorney general shall post on the attorney | ||
general's publicly accessible Internet website a listing of the | ||
notifications received by the attorney general under Subsection | ||
(i), excluding any sensitive personal information that may have | ||
been reported to the attorney general under that subsection, any | ||
information that may compromise a data system's security, and any | ||
other information reported to the attorney general that is made | ||
confidential by law. The attorney general shall: | ||
(1) update the listing not later than the 30th day | ||
after the date the attorney general receives notification of a new | ||
breach of system security; | ||
(2) remove a notification from the listing not later | ||
than the first anniversary of the date the attorney general added | ||
the notification to the listing if the person who provided the | ||
notification has not notified the attorney general of any | ||
additional breaches under Subsection (i) during that period; and | ||
(3) maintain only the most recently updated listing on | ||
the attorney general's website. | ||
SECTION 2. This Act takes effect September 1, 2021. |