Texas governor signs data breach notification bill

Texas Gov. Greg Abbott signed a data breach notification bill into law on Monday that requires the state’s attorney general to post a listing of breaches that involve at least 250 Texas residents.

In contrast to Texas House Bill 3746, California law requires that a minimum of 500 California residents be impacted for the California attorney general to be informed.

The Texas law, which takes effect Sept. 1, requires the Texas attorney general to post information on the breach that excludes sensitive personal information, any information that may compromise a data system’s security, and any other information that is confidential by law.

The listing must be updated no later than 30 days after the attorney general receives notification of a new breach of system security, and it must be removed by the notification’s first anniversary.

Entities that provide information to the attorney general on a data breach that affects more than 250 must disclose the breach by 60 days after it learns of it; include a detailed description of the breach, the number of residents affected and the number of residents that have been notified of it; the measures already taken in response and those it intends to take regarding the breach after notification.

It must also disclose information regarding whether law enforcement is involved in investigating the breach.