Did you know: FEMA reports say that 25% of businesses that experience a data breach end up going out of business either due to financial penalties and loss, or the reputation damage it can cause.
In the ever-evolving digital landscape, Texas business owners face unique challenges in protecting their sensitive data. A data breach can be a critical setback, jeopardizing the integrity and reputation of your business. Navigating Texas data breach notification laws and taking proactive steps to safeguard your business is essential. Here’s what every Texas business owner needs to know.
Understanding Texas Data Breach Notification Laws
Texas law mandates stringent protocols for PRIVATE AND PUBLIC businesses experiencing a data breach. Key requirements include:
- Notification Timelines: Businesses and organizations must notify affected consumers impacted by the data breach.
- Notification to the Office of the Texas Attorney General: If over 250 Texas residents are affected, the Office of the Texas Attorney General must also be notified as soon as practically possible and no later than 30 days after the discovery of the breach. Effective September 1, 2023, Texas law requires that all reports be submitted electronically using the Data Breach Report provided by the OAG.
- Specific Content Requirements: Notifications must contain a detailed description of the breach, measures taken, and law enforcement involvement.
- Consequences of Non-Compliance: Civil penalties for non-compliance can be substantial, emphasizing the importance of adherence. $2,000-50,000 per incident, plus $100 per record per day you do not disclose the breach!
How do I submit the required Data Breach Report to the Texas Attorney General’s Office?
Fill out the Data Breach Report form and submit it electronically.
Before you fill out the report form, here is what you need to know:
- The Data Breach Report webform should be completed ONLY by an authorized agent of the business or organization that experienced the breach. This will usually be the owner, manager, officer, attorney, or representative who can affirm that he or she is authorized to submit the report.
- The system can NOT save your report form, so you need to complete it in one sitting.
- To prepare, you can preview the Data Breach Report form.
- Do NOT hit the “back” button on your browser, or your submission will be cleared.
- Your completed Data Breach Report is potentially an open record. This means that members of the general public may file an open records request to obtain a copy of your completed report form.
- If your business or organization experienced more than one breach, please submit a separate Data Breach Report for each.
- If your business or organization previously reported a breach and is providing supplemental or updated information, be sure that your new report reflects the TOTAL number of affected and notified consumers to date and that it includes ALL types of Personal Information identified as affected in the breach.
What happens after I submit my completed Data Breach Report?
- You will automatically receive a confirmation email to let you know that your report was successfully submitted. You will also receive a record number. Retain that email and your assigned record number for your files.
- The Consumer Protection Division of the Attorney General’s office will contact you with follow up questions, if any.
- The Office of the Attorney General provides a required listing of the data breach reports received by the AG at the AG’s website.