May 10, 2024

New Data Privacy Law in Texas: A New State Law Takes Effect on July 1, 2024

Government Affairs Update

By Kenneth Besserman, TXCPA’s Director of Government Affairs and Special Counsel

The Texas Data Privacy and Security Act (TDPSA) was signed into law in June 2023 and will take effect on July 1, 2024. Texas became the sixth state to pass a major data privacy law in 2023.

This comprehensive legislation aims to regulate how businesses collect, use and protect the personal data of Texas residents. CPAs should be aware of the new legislation for their own business purposes and advising clients.

Key Provisions of the TDPSA

Scope

The TDPSA applies to entities that:

  • Conduct business in Texas or produce a product or service consumed by residents of the state;
  • Process or sell any volume of personal data; and
  • Are not a small business, as defined by the U.S. Small Business Administration.

The TDPSA does not apply to:

  • Nonprofits;
  • State agencies and political subdivisions;
  • Financial institutions subject to the Gramm-Leach-Bliley Act;
  • Covered entities and business associates governed by HIPAA; and
  • Institutions of higher education.

The TDPSA also specifically exempts electric utilities, power generation companies and retail electric providers.

Consumer Rights

Consumers have the right to:

  • Confirm whether a controller is processing their personal data and access such personal data;
  • Correct inaccuracies in the consumer’s personal data;
  • Delete personal data provided by or obtained about the consumer;
  • Obtain a portable copy of the consumer’s personal data; and
  • Opt-out of processing for purposes of targeted advertising, sale of personal data or profiling.

Consumers also have the right to appeal a controller’s refusal to take action on a consumer request to exercise their rights.

Sensitive Data Focus. The TDPSA uniquely requires consumer consent before processing "sensitive personal data," which includes data such as Social Security numbers, passport numbers and precise geolocation data. If a controller sells sensitive data or biometric data, it must post a specific notice (i.e., “NOTICE: We may sell your [sensitive/biometric] personal data.”) in its privacy notice.

Assessments. Businesses are required to conduct a data protection impact assessment on the processing of personal data for targeted advertising, the sale of personal data, profiling, sensitive data, and any processing activities that involve personal data that present a heightened risk of harm to consumers.

Enforcement. The TDPSA authorizes the Texas Attorney General to enforce the Act. The AG provides a 30-day cure period, which does not sunset. For violations that are not cured, the AG may seek up to $7,500 in civil penalties per violation. The law also mandates that the AG provide controllers, processors and consumers with information on their rights and responsibilities on the AG’s website, along with an online portal for submitting complaints.

The TDPSA may have a significant impact on businesses that operate in Texas or handle data of Texas residents. Some potential impacts include the following.

  • Increased compliance costs to comply with the various requirements of the TDPSA, such as:
  • Developing and maintaining a clear and comprehensive privacy notice;
  • Implementing processes to handle consumer data requests (access, correction, deletion, etc.);
  • Conducting data protection assessments for high-risk processing activities; and
  • Updating data security measures to meet the "reasonable security" standard.

Operational Adjustments. Businesses may need to adjust their data collection practices to ensure they only collect data that's "reasonably necessary and proportionate" to their purpose. They may also need to modify their data usage and sharing practices to comply with consumer opt-out rights.

Impact on Marketing and Advertising. Businesses relying on targeted advertising or data-driven marketing strategies may need to adapt their approach to comply with the TDPSA's restrictions on the sale of personal data and opt-out rights for targeted advertising.

Potential Benefits

Improved Customer Trust and Brand Reputation. Implementing strong data privacy practices can enhance customer trust and loyalty, potentially leading to positive brand reputation.

Enhanced Data Security Posture. The focus on reasonable data security measures can lead to improved protection of consumer data, potentially reducing the risk of data breaches and associated costs.

Alignment with Evolving Data Privacy Landscape. As data privacy regulations continue to evolve, complying with the TDPSA can help businesses prepare for and adapt to future regulations in other states or at the federal level.

Overall, the impact of the TDPSA on businesses will depend on several factors, including the size and nature of the business, its data practices and its existing data security posture. While compliance will require effort and resources, it can also present opportunities to improve data management practices, build trust with customers and prepare for the evolving data privacy landscape.

You can read more about the new law on our website here.

About the Author: Kenneth Besserman, JD, is TXCPA’s Director of Government Affairs and Special Counsel.

  • TXCPA’s 2024 Rising Stars

    TXCPA's Rising Stars Program shines a spotlight on CPAs under 40 who are making a remarkable impact. These 18 honorees stand out for their leadership, commitment to the accounting profession and service to their communities. Join us in congratulating the 2024 Rising Stars!
    View Article
  • CPE: Update on Financial Reporting for Joint Venture Formation

    Joint ventures are powerful tools that allow companies to pool resources and technologies to innovate with new products, services and markets. Accounting Standards Update 2023-03 now fills a critical gap by setting new financial reporting standards specifically for joint venture formation. This article explores what finance professionals need to know about the guidance.
    View Article
  • What’s Happening Around Texas - November-December 2024

    Learn about some of the recent events and activities that happened around the state in the TXCPA chapters.
    View Article
  • Mitigating Medicare Mistakes: The CPA’s Role in Navigating IRMAA Challenges

    Navigating Medicare's Income-Related Monthly Adjustment Amount (IRMAA) can be challenging, especially for higher-income individuals who face additional premiums for Medicare Parts B and D. As CPAs, you play a crucial role in helping clients understand and plan for these potential extra costs, using your tax and financial expertise to guide them through Medicare’s complexities. This article explores strategies that can assist in minimizing IRMAA-related surprises.
    View Article
  • Pink-Collar Crime: An Interview with Kelly Paxton

    Kelly Paxton, a former U.S. Customs agent and expert in pink-collar crime, discusses the world of workplace embezzlement, which disproportionately involves women in lower to mid-level positions. Her insights emphasize that these are often crimes of opportunity rather than intent, making vigilance and ethical leadership essential in safeguarding against them.
    View Article
  • Celebrating Our 2024 Rising Stars!

    This issue of Today’s CPA is arguably one of the most anticipated issues of the year, where we celebrate the Rising Star Award winners! These young members are future leaders and innovators, shaping the future of TXCPA and inspiring the next generation of CPAs. They bring fresh ideas and excellence to our profession.
    View Article
  • Are Noncompete Agreements a Thing of the Past?

    In the world of business, protecting a competitive edge often means using noncompete agreements to keep valuable knowledge in-house. The FTC recently moved to limit noncompete agreements, banning most new ones as of September 2024, but this decision faces legal challenges. Until legal battles are resolved, businesses are expected to continue cautiously enforcing noncompete agreements.
    View Article
  • The 2024 Election and What it Means for Texas

    In the November 2024 election, Americans cast their votes for President, Congress, state offices and a host of local races. The 2024 election season felt especially long, marked by heated debates and high voter engagement. Here’s a summary of results and a look ahead to the key issues expected to shape the 2025 Texas legislative session.
    View Article
  • Take Note

    In this edition of Take Note: TXCPA's Career Center; Join the Key Persons Program; November is Accounting Opportunities Month and TXCPA Month of Service; Protect What Matters Most with Member Insurance; TXCPA’s Advocacy Day and Midyear Leadership Council Meeting on January 28-29; Accountants Confidential Assistance Network
    View Article
  • Classifieds

    The classified ad section offers a dynamic marketplace, featuring listings for practice owners looking to sell, professionals seeking firms to purchase and a variety of specialized services. Whether you're looking to expand, sell or explore niche opportunities, this section connects professionals with valuable business prospects and resources.
    View Article

CHAIR
Mohan Kuruvilla, Ph.D., CPA

PRESIDENT/CEO
Jodi Ann Ray, CAE, CCE, IOM

CHIEF OPERATING OFFICER
Melinda Bentley, CAE

EDITORIAL BOARD CHAIR
Jennifer Johnson, CPA

MANAGER, MARKETING AND COMMUNICATIONS
Peggy Foley
pfoley@tx.cpa

MANAGING EDITOR
DeLynn Deakins
ddeakins@tx.cpa

COLUMN EDITOR
Don Carpenter, MSAcc/CPA

DIGITAL MARKETING SPECIALIST
Wayne Hardin, CDMP, PCM®

CLASSIFIEDS
DeLynn Deakins

Texas Society of CPAs
14131 Midway Rd., Suite 850
Addison, TX 75001
972-687-8550
ddeakins@tx.cpa

 

Editorial Board
Derrick Bonyuet-Lee, CPA-Austin;
Aaron Borden, CPA-Dallas;
Don Carpenter, CPA-Central Texas;
Rhonda Fronk, CPA-Houston;
Aaron Harris, CPA-Dallas;
Baria Jaroudi, CPA-Houston;
Elle Kathryn Johnson, CPA-Houston;
Jennifer Johnson, CPA-Dallas;
Lucas LaChance, CPA-Dallas, CIA;
Nicholas Larson, CPA-Fort Worth;
Anne-Marie Lelkes, CPA-Corpus Christi;
Bryan Morgan, Jr, CPA-Austin;
Stephanie Morgan, CPA-East Texas;
Kamala Raghavan, CPA-Houston;
Amber Louise Rourke, CPA-Brazos Valley;
Nikki Lee Shoemaker, CPA-East Texas, CGMA;
Natasha Winn, CPA-Houston.

CONTRIBUTORS
Melinda Bentley; Kenneth Besserman; Holly McCauley; Shicoyia Morgan; Craig Nauta; Kari Owen; John Ross; Lani Shepherd; April Twaddle; Patty Wyatt

 

Your TXCPA membership has not been renewed for 2024 -2025. Renew now.