top of page
background.png

Data Breach? Your Obligations under the Texas Identity Theft Enforcement and Protection Act

  • Writer: Christopher Elam
    Christopher Elam
  • May 17, 2019
  • 2 min read

Updated: Aug 25, 2023


Illustration by attorney Christopher Elam


For any business – big or small – customer confidence is critical for success in today’s competitive marketplace. But in the event your company’s security is breached and consumer information is stolen, you may have a legal obligation to notify your customers. Admitting a data breach can be embarrassing, but failure to comply with the law can be devastating to your reputation and your bottom line.



The Texas Identity Theft Enforcement and Protection Act

The Texas Identity Theft Enforcement and Protection Act (Tex. Bus. Com. Code §§521.001 et seq.) applies to anyone who conducts business in Texas and “owns or licenses computerized data that includes sensitive personal information.” Texas businesses are required under the Act to protect the sensitive personal information of their staff and customers. As used in the Act, the term “sensitive personal information” includes unencrypted identifying information, such as an individual’s name in combination with other information, such as a social security number, driver’s license number, or credit card information. The term also includes an individual’s health care information. The Act requires you to notify the affected individuals as soon as possible after you discover or reasonably believe that there has been a data breach. A data breach isn’t just limited to your computer systems being hacked – the Act’s notification requirements could also be triggered if, for example, an unscrupulous employee steals a customer’s credit card information, or if a customer using your website receives another customer’s information as a result of a coding error. If the data breach affects more than 10,000 individuals, you must also report the incident to consumer reporting agencies.



The Penalties

The penalties for not complying with the notification requirements can be steep. For each violation, the State of Texas can impose a civil penalty of anywhere between $2,000 and $50,000. Plus, for every person that should have received notification of the data breach but did not, there’s an additional penalty of up to $100 per person. If you fail to react appropriately to an extensive data breach, you could be on the hook for up to $250,000 in fines alone. Although individuals themselves cannot bring a lawsuit to enforce the law, the Texas Attorney General may bring an action to recover the penalties and may even seek an injunction. The Attorney General is also entitled to recover reasonable expenses, including attorney’s fees, court costs, and investigatory costs.


If your business collects or maintains the sensitive personal information of its customers such as credit card information or healthcare information, you need to take extra precautions to collect, store, and secure that data properly. If you have experienced a data breach, or even if you suspect one has occurred, we strongly recommend seeking the advice of an experienced attorney to help you avoid the perils of an inadequate response.


 

Christopher Elam has a broad corporate and transactional practice focusing on the business needs of companies and individuals. He has represented countless businesses ranging from entrepreneurs to multinational corporations, in a wide spectrum of industries, including telecommunications, manufacturing, marketing, and healthcare.




Farrow-Gillespie Heath Wilmoth Law Firm, adoption law, estate planning, tax law, probate law, civil litigation law, employment law, business law, commercial real estate and lending law.
Farrow-Gillespie Heath Wilmoth Law Firm, adoption law, estate planning, tax law, probate law, civil litigation law, employment law, business law, commercial real estate and lending law.

Farrow-Gillespie Heath Wilmoth LLP

1900 N. Pearl Street

Suite 2100
Dallas, Texas 75201
United States of America
o  |  214.361.5600

f   |  214.203.0651

e  |  info@fghwlaw.com

  • Facebook
  • LinkedIn
  • Instagram
  • Twitter

Since 2007, the majority woman-owned law firm of Farrow-Gillespie Heath Wilmoth LLP has been providing sophisticated legal representation in a variety of practice areas. Located in downtown Dallas, FGHW is rated AV Preeminent®, the highest rating awarded to law firms, and is a certified Women’s Business Enterprise (WBE) and Historically Underutilized Business (HUB). 

 

Adoption · Estate Planning ·  Tax Law · Probate Law · Civil Litigation Law · Employment Law · Business Law · Commercial Real Estate and Lending

Important Notice: Contacting an attorney via this website does not create an attorney-client relationship and is not subject to attorney-client privilege. By using this site, you agree to our Terms of Use, and you acknowledge receipt of our Privacy Policy.

© Farrow-Gillespie Heath Wilmoth LLP | All rights reserved.

bottom of page