ARTICLE
17 July 2023

Texas Data Broker Requirements Become Law

KM
Klein Moynihan Turco LLP

Contributor

Klein Moynihan Turco LLP logo
Klein Moynihan Turco LLP (KMT) maintains an extensive practice, with an international client base, in the rapidly developing fields of Internet, telemarketing and mobile marketing law, sweepstakes and promotions law, gambling, fantasy sports and gaming law, data and consumer privacy law, intellectual property law and general corporate law.
Explore
On June 18, 2023, Texas Governor Greg Abbott signed SB 2105 into law. Titled "AN ACT relating to the registration of and certain other requirements relating to data brokers...
United States Privacy
Photo of David O. Klein
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

On June 18, 2023, Texas Governor Greg Abbott signed SB 2105 into law. Titled "AN ACT relating to the registration of and certain other requirements relating to data brokers; providing a civil penalty and authorizing a fee," the law becomes the third data broker law, after that of Vermont and California, to require registration. Even though SB 2105 does not take effect until September 1, 2023, Texas data brokers should familiarize themselves with its requirements. The regulations contained in SB 2105 are significantly more stringent than data brokers operating in other states may be accustomed to.

Who Does Texas' New Data Broker Law Apply to?

The Texas data broker law applies to entities that, within a 12-month period:

  • Make at least 50% of their revenue from the processing or transferring of personal data that the data broker did not collect directly from the individuals to whom the data identifies; or
  • Profits from the processing or transferring of the personal data of more than 50,000 individuals from whom the data broker did not directly collect the data.

SB 2105 defines an "individual" as "a natural person residing" in Texas. One immediately noticeable difference between the Texas data broker law and those of Vermont and California is that it applies to entities that "process or transfer" personal data. This is notable because other state data broker laws only apply to entities that "sell" personal data. This closes a loophole through which data brokers in other states may claim that they are not subject to regulation because all they do is "transfer" data.

SB 2105 defines "personal data" to include "pseudonymous data." This is important because data brokers often combine multiple data sets, wherein individual pieces of data combine to identify a particular individual. By regulating pseudonymous data, data brokers will not be able to avoid regulation through a practice of breaking up an individual's personal information into various data sets for storage or transmission.

What are Some Key Provisions of the Texas Data Broker Law?

The primary purpose of SB 2105 is to address privacy, data security, discrimination, and transparency concerns. Texas data brokers will need to register with the Secretary of State by filing a registration statement and paying a registration fee of $300. This registration fee will need to be renewed, and the $300 fee paid, annually.

Texas' new data broker law also includes comprehensive information security program requirements. Among other obligations, Texas data brokers must:

  • Incorporate safeguards that are consistent with those required under similar state and federal laws;
  • Account for ongoing employee and contractor training on the proper use of data security procedures and protocols;
  • Provide a means for detecting and preventing security system failures; and
  • Encrypt all personal data that will travel across public networks or be transmitted wirelessly.

SB 2105 authorizes the Texas Attorney General to bring enforcement action against any data broker that violates the law's provisions. Under the new law, a civil penalty will be assessed in an amount of not less than "$100 for each day the entity is in violation." Penalties may not exceed $10,000 in a 12-month period. The Attorney General is also authorized to recover reasonable attorney's fees and court costs.

Hire Experienced Data Privacy Attorneys to Comply with the Texas Data Broker Law

Texas' new data broker law will take effect on September 1, 2023. Data brokers operating in Texas will gain more clarity on how to comply with the law once the Secretary of State promulgates regulations in accordance with SB 2105. The Secretary of State will have until December 1, 2023 to do so. Even though this is several months away, Texas data brokers should begin the compliance process now. Remember that SB 2105 is considerably more stringent than laws governing data brokers in other states. Furthermore, civil penalties accrue by the day, and putting compliance measures in place is not an instantaneous process. The attorneys at Klein Moynihan Turco have years of experience in advising companies on comprehensive privacy law compliance and are well-equipped to keep your business updated on significant regulatory developments.

Similar Blog Posts:

Connecticut Privacy Law Advances to House

How Does the Colorado Privacy Law Compare to the CCPA?

FTSA Amendment Bill Could Bring Clarity

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of David O. Klein
David O. Klein
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More