Welcome to the Reuters.com BETA. Read our Editor's note on how we're helping professionals make smart decisions.
Skip to main content

Texas amends law requiring state AG to publicly post data breach notifications

1 minute read

Texas Governor Greg Abbott speaks in Dallas, Texas, U.S., May 4, 2018. REUTERS/Lucas Jackson

15-Jun-2021 - Texas has amended its data breach notification law, under HB 3746, requiring the state attorney general to post data breach notifications on a public website within 30 days of receipt and remove them after one year unless the notifying party reports another breach.

On June 14, 2021 Texas Governor Greg Abbott signed HB 3746, which amended the state's data breach notification law. Existing Texas law requires reporting of data breaches that affect 250 or more residents to the state attorney general within 60 days of discovery. The amendments:

Require parties who experience a reportable data breach to include the number of affected residents that they have notified in their notification to the Texas Attorney General.

Require the Texas Attorney General to:

post on their publicly accessible website a listing of each data breach notification report within 30 days of receipt, maintaining only the most currently updated listing;

exclude reported sensitive personal information or information that may compromise a system's security or is confidential by law; and

remove notification reports from the website after one year if the notifying party does not report another breach during that period.

The amendments take effect on September 1, 2021.

Opinions expressed are those of the author. They do not reflect the views of Reuters News, which, under the Trust Principles, is committed to integrity, independence, and freedom from bias. Practical Law is owned by Thomson Reuters and operates independently of Reuters News.

More from Reuters