Texas Law Seeks to Improve Cybersecurity for Individuals
The idea of someone in another country hacking or cyber-attacking the internet and stealing money and financial information from hard working people makes me really angry. The idea of someone in this country hacking into the internet and stealing money and wreaking havoc for individuals, businesses, and municipalities makes me really angry. It happens every day and our firm, our clients, and my family have been victim of some type of cyber-crime – as are countless others every minute of every hour of every day. More shocking is the intentional cyber strikes by foreign governments to purposefully destroy assets.
Anyone and everyone that uses the internet whether a desktop, laptop, tablet or smartphone is at risk. Russian hacking is old news, but very recently Texas Governor Greg Abbott released a warning about the high probability of Iran hacking our internet. This followed the drone strike and killing of an Iranian official. Abbott’s announcement was released after he met with the Texas Domestic Terrorism Task Force. Abbott urged local governments and Texas citizens to practice safe computing and directed those concerned to DIR.texas.gov for tips on “cyber hygiene.” Not sure about that term, I prefer “cyber counter-offensives”.
Incredibly, in addition to financial damage, cyberstalking, threats, and related technology-facilitated violent criminal behavior are increasingly common. The Center for Disease Control and Prevention reports, according to the National Intimate Partner and Sexual Violence Survey, that 1 in 6 women and 1 in 19 men in the United States have experienced stalking at some point in their lives that caused them to fear or believe that they, or a person close to them, would be harmed or killed.
On the financial front, last year Texas lawmakers addressed the need to protect Texans from cyber-attacks and created new consumer privacy laws. The Texas Business and Commerce Code now has a new section that revises the notification requirements of the Texas Identity Theft Enforcement and Protection Act and created the Texas Privacy Protection Advisory Council. The council will study, develop and propose recommendations for the Texas Legislature on data privacy laws, and was appointed in November 2019.
The new Texas law changes the timing to provide individual notice of a breach and adds a requirement to notify the Attorney General of a breach that will impact others. Currently, the Texas Identity Theft Enforcement and Protection Act requires that notice be provided “as quickly as possible” to individuals whose sensitive personal information was or is reasonably believed to have been acquired by an unauthorized person. Now Business & Commerce Code Sec. 521.053 revises this timing requirement and states that the notification shall be made “without unreasonable delay and in each case not later than the 60th day after the date on which the person determined that the breach occurred”.
The new law also adds a requirement to notify the Texas Attorney General of a breach affecting at least 250 Texas residents. The notification must similarly be provided “not later than the 60th day after the date on which the person determines that the breach occurred.” The notification to the attorney general must include a description of the breach or use of sensitive personal information, number of Texas residents affected, measures taken and that will be taken by the entity reporting the incident, and whether law enforcement is involved.
Texans may not like this or even believe it, but apparently Texas is one of several states that appear to be following the footsteps of California’s enactment of a broad consumer privacy law: the California Consumer Privacy Act.
Please do not rely on this article as legal advice. We can tell you what the law is, but until we know the facts of your given situation, we cannot provide legal guidance. This website is for informational purposes and not for the purposes of providing legal advice. Information about our commercial and business litigation practice can be found here.
