May 10, 2024

New Data Privacy Law in Texas: A New State Law Takes Effect on July 1, 2024

Government Affairs Update

By Kenneth Besserman, TXCPA’s Director of Government Affairs and Special Counsel

The Texas Data Privacy and Security Act (TDPSA) was signed into law in June 2023 and will take effect on July 1, 2024. Texas became the sixth state to pass a major data privacy law in 2023.

This comprehensive legislation aims to regulate how businesses collect, use and protect the personal data of Texas residents. CPAs should be aware of the new legislation for their own business purposes and advising clients.

Key Provisions of the TDPSA

Scope

The TDPSA applies to entities that:

  • Conduct business in Texas or produce a product or service consumed by residents of the state;
  • Process or sell any volume of personal data; and
  • Are not a small business, as defined by the U.S. Small Business Administration.

The TDPSA does not apply to:

  • Nonprofits;
  • State agencies and political subdivisions;
  • Financial institutions subject to the Gramm-Leach-Bliley Act;
  • Covered entities and business associates governed by HIPAA; and
  • Institutions of higher education.

The TDPSA also specifically exempts electric utilities, power generation companies and retail electric providers.

Consumer Rights

Consumers have the right to:

  • Confirm whether a controller is processing their personal data and access such personal data;
  • Correct inaccuracies in the consumer’s personal data;
  • Delete personal data provided by or obtained about the consumer;
  • Obtain a portable copy of the consumer’s personal data; and
  • Opt-out of processing for purposes of targeted advertising, sale of personal data or profiling.

Consumers also have the right to appeal a controller’s refusal to take action on a consumer request to exercise their rights.

Sensitive Data Focus. The TDPSA uniquely requires consumer consent before processing "sensitive personal data," which includes data such as Social Security numbers, passport numbers and precise geolocation data. If a controller sells sensitive data or biometric data, it must post a specific notice (i.e., “NOTICE: We may sell your [sensitive/biometric] personal data.”) in its privacy notice.

Assessments. Businesses are required to conduct a data protection impact assessment on the processing of personal data for targeted advertising, the sale of personal data, profiling, sensitive data, and any processing activities that involve personal data that present a heightened risk of harm to consumers.

Enforcement. The TDPSA authorizes the Texas Attorney General to enforce the Act. The AG provides a 30-day cure period, which does not sunset. For violations that are not cured, the AG may seek up to $7,500 in civil penalties per violation. The law also mandates that the AG provide controllers, processors and consumers with information on their rights and responsibilities on the AG’s website, along with an online portal for submitting complaints.

The TDPSA may have a significant impact on businesses that operate in Texas or handle data of Texas residents. Some potential impacts include the following.

  • Increased compliance costs to comply with the various requirements of the TDPSA, such as:
  • Developing and maintaining a clear and comprehensive privacy notice;
  • Implementing processes to handle consumer data requests (access, correction, deletion, etc.);
  • Conducting data protection assessments for high-risk processing activities; and
  • Updating data security measures to meet the "reasonable security" standard.

Operational Adjustments. Businesses may need to adjust their data collection practices to ensure they only collect data that's "reasonably necessary and proportionate" to their purpose. They may also need to modify their data usage and sharing practices to comply with consumer opt-out rights.

Impact on Marketing and Advertising. Businesses relying on targeted advertising or data-driven marketing strategies may need to adapt their approach to comply with the TDPSA's restrictions on the sale of personal data and opt-out rights for targeted advertising.

Potential Benefits

Improved Customer Trust and Brand Reputation. Implementing strong data privacy practices can enhance customer trust and loyalty, potentially leading to positive brand reputation.

Enhanced Data Security Posture. The focus on reasonable data security measures can lead to improved protection of consumer data, potentially reducing the risk of data breaches and associated costs.

Alignment with Evolving Data Privacy Landscape. As data privacy regulations continue to evolve, complying with the TDPSA can help businesses prepare for and adapt to future regulations in other states or at the federal level.

Overall, the impact of the TDPSA on businesses will depend on several factors, including the size and nature of the business, its data practices and its existing data security posture. While compliance will require effort and resources, it can also present opportunities to improve data management practices, build trust with customers and prepare for the evolving data privacy landscape.

You can read more about the new law on our website here.

About the Author: Kenneth Besserman, JD, is TXCPA’s Director of Government Affairs and Special Counsel.

  • TXCPA Employer Guide

    Take Note

    In this edition of Take Note: TXCPA Connects With 2,800+ Students During Accounting Opportunities Month; Purchase a Listing in TXCPA’s New Employer Guide; TXCPA’s Career Center; Top Meditation Apps; Leadership Nominations; TXCPA Recognizes 2023-2024 Award Recipients
    View Article
  • Spotlight on Cyber Insurance

    Cyber insurance is essential for protecting businesses from the increasing frequency and cost of cyberattacks. Standalone cyber insurance policies provide comprehensive coverage, including incident response, business interruption, cybercrime, and privacy liability. This insurance is particularly crucial for accounting firms, which are frequent targets of cyberattacks, helping them mitigate financial and reputational damages.
    View Article
    TXCPA Insurance Trust
  • professional corporation (PC)

    Will Others Follow BDO’s Lead to Attract and Retain Staff?

    Facing a decline in new entrants and retention issues, BDO USA implemented an Employee Stock Ownership Plan (ESOP), departing from the traditional partnership model. This shift gives BDO's employees ownership stakes, aligning their interests with the firm's long-term success. This move may set a precedent for other large and mid-market firms to follow.
    View Article
  • The 2024 Election and the Upcoming 2025 Legislative Session

    The 89th Session of the Texas Legislature starts on January 14, 2025, following a tumultuous 2024 election season where the Texas House saw many incumbents defeated and significant political upheaval. TXCPA invites input on important legislative issues as we prepare for the upcoming session.
    View Article
    Texas political landscape
  • TXCPA Chair Mohan Kuruvilla

    Tackling the Talent Shortage

    The July/August issue of Today's CPA features the first message from our new TXCPA Chair. He writes that it's an exciting time for accounting educators, particularly in light of TXCPA's multi-year CPA Pipeline Strategy and involvement with AICPA's National Pipeline Advisory Group, all aimed at addressing the talent shortage in the accounting profession.
    View Article
  • 2024-2025 TXCPA Chapter Officers

    See the listing of new TXCPA chapter officers. This dedicated group of volunteers will be leading the chapters in the 2024-2025 year.
    View Article
    chapter-map-coded-by-size TXCPA chapters
  • TXCPA Victoria

    What’s Happening Around Texas

    In What’s Happening Around Texas, we give you highlights of events and activities happening around the state in TXCPA and the TXCPA chapters.
    View Article
  • Corporate Transparency Act: An Update

    Now that 60 days have passed since the Corporate Transparency Act was implemented, this article provides an update on the latest issues. Even if CPAs are not responsible for BOI filings, they should monitor changes in guidance and relay this information to their clients to keep them aware.
    View Article
    Unauthorized practice of law
  • warrants

    CPE: Distinguishing Debts from Equity - Warrants Issued in Conjunction with Debt Instruments

    Stock warrants give an entity the right to buy or sell a security at a set price before a certain date, deriving value from their underlying asset, similar to stock options. Companies may issue these warrants alongside equity or debt instruments. This article focuses on warrants issued with debt instruments, analyzing their classifications and accounting implications based on ASC guidance.
    View Article
  • Introducing Our New Chair, Mohan Kuruvilla

    Mohan Kuruvilla, Ph.D., CPA-Houston, is serving as TXCPA's Chair for 2024-2025. His focus is on modernizing accounting education with data analytics and AI while addressing the talent shortage through experiential learning and stronger academic-employer partnerships. His objectives for the year include promoting continuous learning and attracting students to the accounting profession.
    View Article
    University of Houston

 

 

CHAIR
Mohan Kuruvilla, Ph.D., CPA

PRESIDENT/CEO
Jodi Ann Ray, CAE, CCE, IOM

CHIEF OPERATING OFFICER
Melinda Bentley, CAE

EDITORIAL BOARD CHAIR
Jennifer Johnson, CPA

MANAGING EDITOR
DeLynn Deakins
ddeakins@tx.cpa

COLUMN EDITOR
Don Carpenter, MSAcc/CPA

WEB EDITOR
Wayne Hardin

CLASSIFIEDS
DeLynn Deakins

Texas Society of CPAs
14131 Midway Rd., Suite 850
Addison, TX 75001
972-687-8550
ddeakins@tx.cpa

 

Editorial Board
Shivam Arora, CPA-Dallas;
Derrick Bonyuet-Lee, CPA-Austin;
Aaron Borden, CPA-Dallas;
Don Carpenter, CPA-Central Texas;
Melissa Frazier, CPA-Houston;
Rhonda Fronk, CPA-Houston;
Aaron Harris, CPA-Dallas;
Baria Jaroudi, CPA-Houston;
Elle Kathryn Johnson, CPA-Houston;
Jennifer Johnson, CPA-Dallas;
Joseph Krupka, CPA-Dallas;
Lucas LaChance, CPA-Dallas, CIA;
Nicholas Larson, CPA-Fort Worth;
Anne-Marie Lelkes, CPA-Corpus Christi;
Bryan Morgan, Jr, CPA-Austin;
Stephanie Morgan, CPA-East Texas;
Kamala Raghavan, CPA-Houston;
Amber Louise Rourke, CPA-Brazos Valley;
Nikki Lee Shoemaker, CPA-East Texas, CGMA;
Natasha Winn, CPAHouston.

CONTRIBUTORS
Melinda Bentley; Kenneth Besserman; Holly McCauley; Shicoyia Morgan; Craig Nauta; Kari Owen; John Ross; April Twaddle

 

Your TXCPA membership has not been renewed for 2024 -2025. Renew now.