87R10663 MLH-F
By: Capriglione H.B. No. 3746
A BILL TO BE ENTITLED
AN ACT
relating to certain notifications required following a breach of
security of computerized data.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Section 521.053, Business & Commerce Code, is
amended by amending Subsection (i) and adding Subsection (j) to
read as follows:
(i) A person who is required to disclose or provide
notification of a breach of system security under this section
shall notify the attorney general of that breach not later than the
60th day after the date on which the person determines that the
breach occurred if the breach involves at least 250 residents of
this state. The notification under this subsection must include:
(1) a detailed description of the nature and
circumstances of the breach or the use of sensitive personal
information acquired as a result of the breach;
(2) the number of residents of this state affected by
the breach at the time of notification;
(3) the number of affected residents that have been
sent a disclosure of the breach by mail or other direct method of
communication at the time of notification;
(4) the measures taken by the person regarding the
breach;
(5) [(4)] any measures the person intends to take
regarding the breach after the notification under this subsection;
and
(6) [(5)] information regarding whether law
enforcement is engaged in investigating the breach.
(j) The attorney general shall post on the attorney
general's publicly accessible Internet website a comprehensive
listing of the notifications received by the attorney general under
Subsection (i), excluding any sensitive personal information that
may have been reported to the attorney general under that
subsection and any other information reported to the attorney
general that is made confidential by law. The listing must be
updated not later than the 30th day after the date the attorney
general receives notification of a new breach of system security.
SECTION 2. This Act takes effect September 1, 2021.