Bill Text: TX HB4761 | 2023-2024 | 88th Legislature | Introduced
Bill Title: Relating to the notification required following a breach of security of computerized data.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Introduced - Dead) 2023-03-22 - Referred to Business & Industry [HB4761 Detail]
Download: Texas-2023-HB4761-Introduced.html
| 88R14400 SHH-D | ||
| By: Lalani | H.B. No. 4761 | |
|
|
||
|
|
||
| relating to the notification required following a breach of | ||
| security of computerized data. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. Sections 521.053(b) and (i), Business & Commerce | ||
| Code, are amended to read as follows: | ||
| (b) A person who conducts business in this state and owns or | ||
| licenses computerized data that includes sensitive personal | ||
| information shall disclose any breach of system security, after | ||
| discovering or receiving notification of the breach, to any | ||
| individual whose sensitive personal information was, or is | ||
| reasonably believed to have been, acquired by an unauthorized | ||
| person. The disclosure shall be made without unreasonable delay | ||
| and in each case not later than the 30th [ |
||
| which the person determines that the breach occurred, except as | ||
| provided by Subsection (d) or as necessary to determine the scope of | ||
| the breach and restore the reasonable integrity of the data system. | ||
| (i) A person who is required to disclose or provide | ||
| notification of a breach of system security under this section | ||
| shall notify the attorney general of that breach not later than the | ||
| 30th [ |
||
| the breach occurred if the breach involves at least 250 residents of | ||
| this state. The notification under this subsection must include: | ||
| (1) a detailed description of the nature and | ||
| circumstances of the breach or the use of sensitive personal | ||
| information acquired as a result of the breach; | ||
| (2) the number of residents of this state affected by | ||
| the breach at the time of notification; | ||
| (3) the number of affected residents that have been | ||
| sent a disclosure of the breach by mail or other direct method of | ||
| communication at the time of notification; | ||
| (4) the measures taken by the person regarding the | ||
| breach; | ||
| (5) any measures the person intends to take regarding | ||
| the breach after the notification under this subsection; and | ||
| (6) information regarding whether law enforcement is | ||
| engaged in investigating the breach. | ||
| SECTION 2. This Act takes effect September 1, 2023. | ||
