What Does the Texas Data Breach Amendment Mean for Your Fort Worth Business?

Corptek is an IT managed services provider serving Fort Worth and the surrounding areas. Our consultants can assist clients in implementing the Texas Data Breach Amendment.  

In one report, four out of five Texas law firms reported some kind of cyber incident related to potential or actual data breaches. However, law firms aren’t the only industry impacted. In fact, one healthcare system had to notify all of its patients of a data breach that exposed patient records to hackers. This notification adhered to Texas data breach laws expanded with the passage of the 2019 Texas Data Breach Amendment.

Businesses in Fort Worth and throughout Texas are subject to additional requirements laid out in the Amendment. HB 4390 became law with the signature of Texas Governor Greg Abbott on May 7, 2019. The Amendment created an advisory council tasked with developing recommendations for further privacy legislation.

What Changes Does the Amendment Bring?

The original Texas data breach law requires businesses to report breaches “as quickly as possible” to anyone whose personal information was compromised. The Texas Data Breach Amendment clarifies the notification timeline by mandating that individual notices go out within 60 days of a data breach discovery.

Further, businesses must notify the state Attorney General within 60 days if the incident impacts more than 250 Texas residents. The required Notice to the Attorney General includes:

  • A detailed description of the breach and use of sensitive personal information, if known
  • How many residents were impacted
  • Measures were taken after the breach
  • Details on law enforcement involvement, if any

The Amendment went into effect on January 1, 2020.

Section 2 of the Amendment sets up a Texas Privacy Protection Advisory Council. The Council will study Texas data privacy laws and compare them to data breach laws in other states and around the world. Their recommendations for further data privacy laws is due on September 1, 2020.

The bill went through many modifications before reaching its final form.

What Steps Should Fort Worth Businesses Take After a Data Breach?

Here are three steps that the IRS suggests for businesses to take following a data security breach:

  • Notify law enforcement – If compromised data can harm any individual or business, call the local authorities to report the situation as well as any threat of identity theft.
  • Notify affected businesses – When information theft impacts other businesses, such as credit issuers or banks, they must also be notified. Notify the major credit bureaus when the data breach includes names and Social Security numbers.
  • Notify individuals – Although the law specifies 60 days, notifying individuals as early as possible helps them mitigate the misuse of their data.

When SSNs have been obtained, individuals can refer to the Taxpayer Guide to Identity Theft for recommendations on how to handle the situation. The Federal Trade Commission offers guidance to businesses regarding information compromise. Both of these documents are valuable resources that can be passed on to users in the data breach notification.

Corptek is an IT managed services provider serving Fort Worth and the surrounding areas. Our consultants can assist clients in implementing the Texas Data Breach Amendment.