Texas Data Privacy and Security Act
The Texas Data Privacy and Security Act ("TDPSA") is a law in the U.S. state of Texas that establishes digital privacy rights for Texas state residents and enforces these rights against any company providing services to residents, whether they reside in Texas or not. The law was signed by Governor Greg Abbott on June 18th, 2023, with the majority of the law going into effect on July 1st, 2024, and the universal opt-out mechanisms going into effect on January 1st, 2025.
Rights Codified
The TDPSA codified the following privacy rights for Texas residents[1]:
- Right to Access: Individuals have the right to confirm whether a controller is processing their personal data and to access such data.
- Right to Correction: Individuals may request corrections to inaccuracies in their personal data held by a controller.
- Right to Deletion: Individuals have the right to request the deletion of personal data collected by or provided to a controller.
- Right to Data Portability: Individuals can obtain a copy of their personal data in a readily usable and transferable format.
- Right to Opt-Out: Individuals may opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling that produces significant legal effects.
Controller and Processor Obligations
The TDPSA imposes various obligations on data controllers and processors[2] [3], including:
- Limiting data collection to what is adequate, relevant, and reasonably necessary for processing purposes.
- Implementing reasonable administrative, technical, and physical data security practices.
- Providing a clear and accessible privacy notice that outlines data collection and processing practices.
- Conducting and documenting data protection assessments for high-risk processing activities.
- Ensuring contracts between controllers and processors include specific provisions governing personal data handling.
Enforcement
The Texas Attorney General holds exclusive enforcement authority under the TDPSA. Entities found to be in violation are subject to civil penalties of up to $7,500 per violation. Prior to enforcement, the Attorney General may grant a 30-day cure period for organizations to remedy identified violations.[4]