Texas Data Privacy and Security Act: Difference between revisions
No edit summary |
mNo edit summary |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 5: | Line 5: | ||
==Rights Codified== | ==Rights Codified== | ||
The TDPSA codified the following privacy rights for Texas residents<ref> | The TDPSA codified the following privacy rights for Texas residents<ref>{{Cite web |title=Texas Data Privacy And Security Act {{!}} Office of the Attorney General |url=https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint/consumer-privacy-rights/texas-data-privacy-and-security-act |url-status=live |archive-url=https://web.archive.org/web/20260418021327/https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint/consumer-privacy-rights/texas-data-privacy-and-security-act |archive-date=2026-04-18 |access-date=31 Mar 2026 |website=Office of the Attorney General}}</ref>: | ||
* '''Right to Access:''' Individuals have the right to confirm whether a controller is processing their personal data and to access such data. | *'''Right to Access:''' Individuals have the right to confirm whether a controller is processing their personal data and to access such data. | ||
* '''Right to Correction:''' Individuals may request corrections to inaccuracies in their personal data held by a controller. | *'''Right to Correction:''' Individuals may request corrections to inaccuracies in their personal data held by a controller. | ||
* '''Right to Deletion:''' Individuals have the right to request the deletion of personal data collected by or provided to a controller. | *'''Right to Deletion:''' Individuals have the right to request the deletion of personal data collected by or provided to a controller. | ||
* '''Right to Data Portability:''' Individuals can obtain a copy of their personal data in a readily usable and transferable format. | *'''Right to Data Portability:''' Individuals can obtain a copy of their personal data in a readily usable and transferable format. | ||
* '''Right to Opt-Out:''' Individuals may opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling that produces significant legal effects. | *'''Right to Opt-Out:''' Individuals may opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling that produces significant legal effects. | ||
==Controller and Processor Obligations== | ==Controller and Processor Obligations== | ||
The TDPSA imposes various obligations on data controllers and processors<ref> | The TDPSA imposes various obligations on data controllers and processors<ref>{{Cite web |title=FAQs for Businesses as Texas Data Privacy Law Takes Effect July 1 |url=https://www.fisherphillips.com/en/insights/insights/faqs-businesses-texas-data-privacy-law |url-status=live |archive-url=https://web.archive.org/web/20260425051507/https://www.fisherphillips.com/en/insights/insights/faqs-businesses-texas-data-privacy-law |archive-date=2026-04-25 |access-date=31 Mar 2026 |website=Fisher Phillips LLP}}</ref> | ||
<ref> | <ref>{{Cite web |date=31 Dec 2023 |title=The Texas Data Privacy Law: An Overview |url=https://www.cliffordchance.com/insights/resources/blogs/talking-tech/en/articles/2023/12/the-texas-data-privacy-law-an-overview.html |url-status=live |archive-url=https://web.archive.org/web/20260425052448/https://www.cliffordchance.com/insights/resources/blogs/talking-tech/en/articles/2023/12/the-texas-data-privacy-law-an-overview.html |archive-date=2026-04-25 |access-date=31 Mar 2026 |website=Clifford Chance}}</ref>, including: | ||
* Limiting data collection to what is adequate, relevant, and reasonably necessary for processing purposes. | *Limiting data collection to what is adequate, relevant, and reasonably necessary for processing purposes. | ||
* Implementing reasonable administrative, technical, and physical data security practices. | *Implementing reasonable administrative, technical, and physical data security practices. | ||
* Providing a clear and accessible privacy notice that outlines data collection and processing practices. | *Providing a clear and accessible privacy notice that outlines data collection and processing practices. | ||
* Conducting and documenting data protection assessments for high-risk processing activities. | *Conducting and documenting data protection assessments for high-risk processing activities. | ||
* Ensuring contracts between controllers and processors include specific provisions governing personal data handling. | *Ensuring contracts between controllers and processors include specific provisions governing personal data handling. | ||
==Enforcement== | ==Enforcement== | ||
The Texas Attorney General holds exclusive enforcement authority under the TDPSA. Entities found to be in violation are subject to civil penalties of up to $7,500 per violation. Prior to enforcement, the Attorney General may grant a 30-day cure period for organizations to remedy identified violations.<ref> | The Texas Attorney General holds exclusive enforcement authority under the TDPSA. Entities found to be in violation are subject to civil penalties of up to $7,500 per violation. Prior to enforcement, the Attorney General may grant a 30-day cure period for organizations to remedy identified violations.<ref>{{Cite web |title=Texas Data Privacy and Security Act (TDPSA) |url=https://www.consumerprivacyact.com/texas-data-privacy-and-security-act-tdpsa/ |url-status=live |archive-url=https://web.archive.org/web/20260414203132/https://www.consumerprivacyact.com/texas-data-privacy-and-security-act-tdpsa/ |archive-date=2026-04-14 |access-date=31 Mar 2026 |website=Consumer Privacy Act (CPA)}}</ref> | ||
==References== | ==References== | ||
{{Reflist}} | {{Reflist}} | ||
[[Category: | [[Category:American legislation]] | ||