By: Dunnam H.B. No. 3513
A BILL TO BE ENTITLED
AN ACT
relating to the duty to protect and safeguard sensitive personal
information.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Section 521.052, Business and Commerce Code, as
added by Chapter 885 (H.B. 2278), Acts of the 80th Legislature,
Regular Session, 2007, is amended to read as follows
Sec. 521.052. BUSINESS DUTY TO PROTECT SENSITIVE PERSONAL
INFORMATION. (a) A business shall implement and maintain
reasonable procedures, including taking any appropriate corrective
action, to protect from unlawful use or disclosure any sensitive
personal information collected or maintained by the business in the
regular course of business.
(b) A business shall destroy or arrange for the destruction
of customer records containing sensitive personal information
within the business's custody or control that are not to be retained
by the business by:
(1) shredding;
(2) erasing; or
(3) otherwise modifying the sensitive personal
information in the records to make the information unreadable or
indecipherable through any means.
(c) This section does not apply to a financial institution
as defined by 15 U.S.C. Section 6809.
(d) As used in this section, "business" includes a nonprofit
athletic or sports association.
SECTION 2. This Act takes effect immediately if it receives
a vote of two-thirds of all the members elected to each house, as
provided by Section 39, Article III, Texas Constitution. If this
Act does not receive the vote necessary for immediate effect, this
Act takes effect September 1, 2009.