88R14400 SHH-D

By: Lalani
H.B. No. 4761

A BILL TO BE ENTITLED
AN ACT
relating to the notification required following a breach of security of computerized data.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:

SECTION 1. Sections 521.053(b) and (i), Business & Commerce Code, are amended to read as follows:

(b) A person who conducts business in this state and owns or licenses computerized data that includes sensitive personal information shall disclose any breach of system security, after discovering or receiving notification of the breach, to any individual whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made without unreasonable delay and in each case not later than the 30th [60th] day after the date on which the person determines that the breach occurred, except as provided by Subsection (d) or as necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

(i) A person who is required to disclose or provide notification of a breach of system security under this section shall notify the attorney general of that breach not later than the 30th [60th] day after the date on which the person determines that the breach occurred if the breach involves at least 250 residents of this state. The notification under this subsection must include:

(1) a detailed description of the nature and circumstances of the breach or the use of sensitive personal information acquired as a result of the breach;

(2) the number of residents of this state affected by the breach at the time of notification;

(3) the number of affected residents that have been sent a disclosure of the breach by mail or other direct method of communication at the time of notification;

(4) the measures taken by the person regarding the breach;

(5) any measures the person intends to take regarding the breach after the notification under this subsection; and

(6) information regarding whether law enforcement is engaged in investigating the breach.

SECTION 2. This Act takes effect September 1, 2023.