Law: Texas Data Privacy and Security Act (TDPSA)
Regulator: The Texas Attorney General (AG)
Summary: On June 18, 2023, the Governor of Texas signed House Bill 4 for the Texas Data Privacy and Security Act which will enter into effect on July 1, 2024, although provisions on the ability of consumers to direct a third party to opt-out of the processing of personal data on their behalf do not enter into effect until January 1, 2025. The Act introduces obligations for data controllers and processors including disclosure as well as vendor management requirements and establishes new consumer rights such as the right to access, deletion, be informed (confirmation), and the right to opt out of targeted advertising and the sale of personal data. Furthermore, the Act provides the AG with enforcement powers, but does not provide a private right of action.
In addition, the Identity Theft Enforcement and Protection Act ('the Identity Theft Act'), under Chapter 521, Title 11 of the Business and Commerce Code and Chapter 33, Title 7 of the Penal Code, contain general privacy provisions focusing on the protection of personal identifying information and sensitive personal information. Furthermore, Texas has a range of sector-specific privacy regulations governing health data, financial data, biometric data, and unsolicited commercial communications.