Support Centre



Law: Texas Data Privacy and Security Act (TDPSA)

Regulator: The Texas Attorney General (AG)

Summary: On June 18, 2023, the Governor of Texas signed House Bill 4 for the Texas Data Privacy and Security Act which will enter into effect on July 1, 2024, although provisions on the ability of consumers to direct a third party to opt-out of the processing of personal data on their behalf do not enter into effect until January 1, 2025. The Act introduces obligations for data controllers and processors including disclosure as well as vendor management requirements and establishes new consumer rights such as the right to access, deletion, be informed (confirmation), and the right to opt out of targeted advertising and the sale of personal data. Furthermore, the Act provides the AG with enforcement powers, but does not provide a private right of action.

In addition, the Identity Theft Enforcement and Protection Act ('the Identity Theft Act'), under Chapter 521, Title 11 of the Business and Commerce Code and Chapter 33, Title 7 of the Penal Code, contain general privacy provisions focusing on the protection of personal identifying information and sensitive personal information. Furthermore, Texas has a range of sector-specific privacy regulations governing health data, financial data, biometric data, and unsolicited commercial communications.


Texas enacted the Texas Data Privacy and Security Act (TDPSA) on June 18, 2023, and compliance is required starting from July 1, 2024. Businesses experienced with other comprehensive state consumer privacy laws will find most aspects of the TDPSA to be familiar. However, the TDPSA incorporates unique features that businesses should consider when updating their privacy programs for compliance with Texas regulations.

In this Insight article, Wendell Bartnick, Christian Blair, and Stuart Cobb, from Reed Smith LLP, delve into the TDPSA's applicability, unique features, exemptions, potential risks of non-compliance, and various compliance considerations, including privacy requests, authorized agents, data safeguards, privacy notices, disclosure of personal data sales, and updating vendor management processes to meet TDPSA requirements.

The Texas Data Privacy and Security Act (TDPSA) was signed into law by the Governor of Texas on July 1, 2023, having passed both the Texas State Senate and the Texas House of Representatives.

The TDPSA will enter into effect on July 1, 2024.

On February 16, 2023, the Texas Data Privacy and Security Act (TDPSA) was introduced to the Texas House of Representatives. Since then, the TDPSA has passed both the House and the Senate, and was signed on June 18, 2023, by the Governor of Texas. The TDPSA introduces obligations for both data controllers and data processors and the majority of its provisions will enter into force on July 1, 2024. OneTrust DataGuidance Research gives an overview of the Act.