May 10, 2024

New Data Privacy Law in Texas: A New State Law Takes Effect on July 1, 2024

Government Affairs Update

By Kenneth Besserman, TXCPA’s Director of Government Affairs and Special Counsel

The Texas Data Privacy and Security Act (TDPSA) was signed into law in June 2023 and will take effect on July 1, 2024. Texas became the sixth state to pass a major data privacy law in 2023.

This comprehensive legislation aims to regulate how businesses collect, use and protect the personal data of Texas residents. CPAs should be aware of the new legislation for their own business purposes and advising clients.

Key Provisions of the TDPSA

Scope

The TDPSA applies to entities that:

  • Conduct business in Texas or produce a product or service consumed by residents of the state;
  • Process or sell any volume of personal data; and
  • Are not a small business, as defined by the U.S. Small Business Administration.

The TDPSA does not apply to:

  • Nonprofits;
  • State agencies and political subdivisions;
  • Financial institutions subject to the Gramm-Leach-Bliley Act;
  • Covered entities and business associates governed by HIPAA; and
  • Institutions of higher education.

The TDPSA also specifically exempts electric utilities, power generation companies and retail electric providers.

Consumer Rights

Consumers have the right to:

  • Confirm whether a controller is processing their personal data and access such personal data;
  • Correct inaccuracies in the consumer’s personal data;
  • Delete personal data provided by or obtained about the consumer;
  • Obtain a portable copy of the consumer’s personal data; and
  • Opt-out of processing for purposes of targeted advertising, sale of personal data or profiling.

Consumers also have the right to appeal a controller’s refusal to take action on a consumer request to exercise their rights.

Sensitive Data Focus. The TDPSA uniquely requires consumer consent before processing "sensitive personal data," which includes data such as Social Security numbers, passport numbers and precise geolocation data. If a controller sells sensitive data or biometric data, it must post a specific notice (i.e., “NOTICE: We may sell your [sensitive/biometric] personal data.”) in its privacy notice.

Assessments. Businesses are required to conduct a data protection impact assessment on the processing of personal data for targeted advertising, the sale of personal data, profiling, sensitive data, and any processing activities that involve personal data that present a heightened risk of harm to consumers.

Enforcement. The TDPSA authorizes the Texas Attorney General to enforce the Act. The AG provides a 30-day cure period, which does not sunset. For violations that are not cured, the AG may seek up to $7,500 in civil penalties per violation. The law also mandates that the AG provide controllers, processors and consumers with information on their rights and responsibilities on the AG’s website, along with an online portal for submitting complaints.

The TDPSA may have a significant impact on businesses that operate in Texas or handle data of Texas residents. Some potential impacts include the following.

  • Increased compliance costs to comply with the various requirements of the TDPSA, such as:
  • Developing and maintaining a clear and comprehensive privacy notice;
  • Implementing processes to handle consumer data requests (access, correction, deletion, etc.);
  • Conducting data protection assessments for high-risk processing activities; and
  • Updating data security measures to meet the "reasonable security" standard.

Operational Adjustments. Businesses may need to adjust their data collection practices to ensure they only collect data that's "reasonably necessary and proportionate" to their purpose. They may also need to modify their data usage and sharing practices to comply with consumer opt-out rights.

Impact on Marketing and Advertising. Businesses relying on targeted advertising or data-driven marketing strategies may need to adapt their approach to comply with the TDPSA's restrictions on the sale of personal data and opt-out rights for targeted advertising.

Potential Benefits

Improved Customer Trust and Brand Reputation. Implementing strong data privacy practices can enhance customer trust and loyalty, potentially leading to positive brand reputation.

Enhanced Data Security Posture. The focus on reasonable data security measures can lead to improved protection of consumer data, potentially reducing the risk of data breaches and associated costs.

Alignment with Evolving Data Privacy Landscape. As data privacy regulations continue to evolve, complying with the TDPSA can help businesses prepare for and adapt to future regulations in other states or at the federal level.

Overall, the impact of the TDPSA on businesses will depend on several factors, including the size and nature of the business, its data practices and its existing data security posture. While compliance will require effort and resources, it can also present opportunities to improve data management practices, build trust with customers and prepare for the evolving data privacy landscape.

You can read more about the new law on our website here.

About the Author: Kenneth Besserman, JD, is TXCPA’s Director of Government Affairs and Special Counsel.

  • Meet TXCPA’s 2025-2026 Chair Billy Kelley

    Billy Kelley, CPA and managing partner at Dutton, Harris & Co, is the 2025-2026 Chair of TXCPA. With a background in public accounting, industry and entrepreneurship, he is passionate about leadership, mentorship and strengthening the CPA pipeline.
    View Article
  • CPE: What to Know About Profits Interest

    Profits interest is a form of partnership ownership that offers recipients a share of future profits without a capital contribution. While offering strategic advantages, profits-interest contracts involve complex tax and accounting considerations and remain subject to potential regulatory changes.
    View Article
    CPE Creditable
  • What’s Happening Around Texas - July-August 2025

    Members in Austin held a happy hour to wrap up tax season and Houston members volunteered at the Botanic Gardens. Permian Basin members teamed up with UTPB students for a city cleanup. Southeast Texas gathered for a Spring Meeting and Victoria enjoyed a festive Member Appreciation Event.
    View Article
  • 2025-2026 TXCPA Chapter Officers

    Introducing TXCPA’s 2025-2026 chapter leaders – a dynamic group of professionals ready to elevate the accounting profession. With passion, purpose and a bold vision, they’ll guide our chapters forward and help shape the future of TXCPA across the state.
    View Article
  • Optimizing Auditor Precision: Addressing Biases in Large Language Model Technologies

    Large Language Models (LLMs) are transforming accounting and auditing by improving efficiency, uncovering financial trends and analyzing unstructured data, but using them also introduces risks, especially biases from training data and algorithms. Professionals are encouraged to stay educated on AI trends to use LLMs effectively.
    View Article
  • Meet the Chair

    In his first message as TXCPA Chair, Billy Kelley discusses his passion for TXCPA and goals for the year. He also reflects on the recent Annual Meeting in Galveston and encourages member engagement.
    View Article
  • TXCPA’s Successes and Key Issues from the 89th Texas Legislative Session

    TXCPA had a highly successful 89th Legislative Session, securing two major wins. Senate Bill 262 creates an additional pathway to CPA licensure and Senate Bill 522 modernizes CPA practice mobility. These achievements strengthen the CPA pipeline and protect the public.
    View Article
  • How ESG Can Create Value for Your Business

    The SEC has introduced climate-related disclosure rules to improve transparency for investors, sparking both support and criticism. This article highlights how businesses can view Environmental, Social and Governance (ESG) not just as a compliance issue but as a value-creating strategy.
    View Article
  • Increasing Your Marketing Prowess: How CPAs Can Market with Confidence

    This article discusses common misconceptions that CPAs have about marketing and how even the most successful innovators have marketed their ideas effectively. It offers practical tips for CPAs to market themselves authentically by focusing on excellent client service, continuously improving their skills and committing to execution.
    View Article
  • Take Note

    In this edition of Take Note: Accounting Opportunities Month; TXCPA Leadership Nominations; Accountants Confidential Assistance Network (ACAN); CGMA® Designation for Management Accountants; TXCPA’s 2025 CPE Programs; Accounting Excellence Awards Presented
    View Article
  • Classifieds

    The classified ad section features listings for practice sales, firm buyers and specialized services. Whether you're expanding, selling or exploring niche opportunities, these ads connect you to valuable prospects and resources.
    View Article

CHAIR
Mohan Kuruvilla, Ph.D., CPA

PRESIDENT/CEO
Jodi Ann Ray, CAE, CCE, IOM

CHIEF OPERATING OFFICER
Melinda Bentley, CAE

EDITORIAL BOARD CHAIR
Jennifer Johnson, CPA

MANAGER, MARKETING AND COMMUNICATIONS
Peggy Foley
pfoley@tx.cpa

MANAGING EDITOR
DeLynn Deakins
ddeakins@tx.cpa

COLUMN EDITOR
Don Carpenter, MSAcc/CPA

DIGITAL MARKETING SPECIALIST
Wayne Hardin, CDMP, PCM®

CLASSIFIEDS
DeLynn Deakins

Texas Society of CPAs
14131 Midway Rd., Suite 850
Addison, TX 75001
972-687-8550
ddeakins@tx.cpa

 

Editorial Board
Derrick Bonyuet-Lee, CPA-Austin;
Aaron Borden, CPA-Dallas;
Don Carpenter, CPA-Central Texas;
Rhonda Fronk, CPA-Houston;
Aaron Harris, CPA-Dallas;
Baria Jaroudi, CPA-Houston;
Elle Kathryn Johnson, CPA-Houston;
Jennifer Johnson, CPA-Dallas;
Lucas LaChance, CPA-Dallas, CIA;
Nicholas Larson, CPA-Fort Worth;
Anne-Marie Lelkes, CPA-Corpus Christi;
Bryan Morgan, Jr, CPA-Austin;
Stephanie Morgan, CPA-East Texas;
Kamala Raghavan, CPA-Houston;
Amber Louise Rourke, CPA-Brazos Valley;
Shilpa Boggram Sathyamurthy, CPA-Houston, CA
Nikki Lee Shoemaker, CPA-East Texas, CGMA;
Natasha Winn, CPA-Houston.

CONTRIBUTORS
Melinda Bentley; Kenneth Besserman; Kristie Estrada; Holly McCauley; Craig Nauta; Kari Owen; John Ross; Lani Shepherd; April Twaddle; Patty Wyatt