Texas Data Privacy and Security Act: Difference between revisions
m Remove Cases section for now |
m convert citation 1 to use cite web template Tags: Mobile edit Mobile web edit Visual edit |
||
| Line 5: | Line 5: | ||
==Rights Codified== | ==Rights Codified== | ||
The TDPSA codified the following privacy rights for Texas residents<ref> | The TDPSA codified the following privacy rights for Texas residents<ref>{{Cite web |title=Texas Data Privacy And Security Act {{!}} Office of the Attorney General |url=https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint/consumer-privacy-rights/texas-data-privacy-and-security-act |url-status=live |archive-url=https://web.archive.org/web/20260418021327/https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint/consumer-privacy-rights/texas-data-privacy-and-security-act |archive-date=2026-04-18 |access-date=31 Mar 2026 |website=Office of the Attorney General}}</ref>: | ||
* '''Right to Access:''' Individuals have the right to confirm whether a controller is processing their personal data and to access such data. | *'''Right to Access:''' Individuals have the right to confirm whether a controller is processing their personal data and to access such data. | ||
* '''Right to Correction:''' Individuals may request corrections to inaccuracies in their personal data held by a controller. | *'''Right to Correction:''' Individuals may request corrections to inaccuracies in their personal data held by a controller. | ||
* '''Right to Deletion:''' Individuals have the right to request the deletion of personal data collected by or provided to a controller. | *'''Right to Deletion:''' Individuals have the right to request the deletion of personal data collected by or provided to a controller. | ||
* '''Right to Data Portability:''' Individuals can obtain a copy of their personal data in a readily usable and transferable format. | *'''Right to Data Portability:''' Individuals can obtain a copy of their personal data in a readily usable and transferable format. | ||
* '''Right to Opt-Out:''' Individuals may opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling that produces significant legal effects. | *'''Right to Opt-Out:''' Individuals may opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling that produces significant legal effects. | ||
==Controller and Processor Obligations== | ==Controller and Processor Obligations== | ||
| Line 22: | Line 22: | ||
<ref>[https://www.cliffordchance.com/insights/resources/blogs/talking-tech/en/articles/2023/12/the-texas-data-privacy-law-an-overview.html Clifford Chance overview]</ref>, including: | <ref>[https://www.cliffordchance.com/insights/resources/blogs/talking-tech/en/articles/2023/12/the-texas-data-privacy-law-an-overview.html Clifford Chance overview]</ref>, including: | ||
* Limiting data collection to what is adequate, relevant, and reasonably necessary for processing purposes. | *Limiting data collection to what is adequate, relevant, and reasonably necessary for processing purposes. | ||
* Implementing reasonable administrative, technical, and physical data security practices. | *Implementing reasonable administrative, technical, and physical data security practices. | ||
* Providing a clear and accessible privacy notice that outlines data collection and processing practices. | *Providing a clear and accessible privacy notice that outlines data collection and processing practices. | ||
* Conducting and documenting data protection assessments for high-risk processing activities. | *Conducting and documenting data protection assessments for high-risk processing activities. | ||
* Ensuring contracts between controllers and processors include specific provisions governing personal data handling. | *Ensuring contracts between controllers and processors include specific provisions governing personal data handling. | ||
==Enforcement== | ==Enforcement== | ||