Texas Privacy and Data Security Laws
Privacy Plus+
Privacy, Technology and Perspective
Texas Privacy and Data Security Laws. This week, we compile various Texas statutes that directly address privacy and data security (this list does not include common law causes of action or other state or federal laws involving trade regulation or unfair competition):
Texas is one of three states to have a law that addresses biometrics. (See also Illinois Biometric Information Privacy Act (740 ILCS 14) (“BIPA”) and Washington (RCW § 19.375)). Tex. Bus. & Com. Code § 503.001 prohibits the collection and sale of “biometric identifiers” (narrowly defined) for a commercial purpose absent informed consent, and requiring the use of “reasonable care” in protecting such information. The statute also requires that biometric identifiers be destroyed within a “reasonable time,” but is silent as to the treatment of information derived from or based on an individual’s biometric identifier, and, unlike, BIPA, does not provide for a private right of action (rather only the Texas attorney general may bring an action to recover a civil penalty).
Follow this link to learn more about Texas’s Biometric law: https://statutes.capitol.texas.gov/Docs/BC/htm/BC.503.htm
The Texas Medical Records Privacy Act expands the protections of HIPAA. Tex. Health & Safety Code § 181 generally, it does this by:
· expanding the definition of “covered entity” to include “any person who…comes into possession of protected health information” [§ 181.001(b)(2)(B)], and thereby extends HIPAA requirements to those persons;
· requiring workforce training for those who handle protected health information [§181.001.154(a)]; and
· restricting electronic disclosure of protected health information without a separate authorization [§181.001.154(b)].
Follow this link to learn more about the Texas Medical Records Privacy Act: https://statutes.capitol.texas.gov/Docs/HS/htm/HS.181.htm.
The Texas Identity Theft Enforcement and Protection Act prohibits identity theft and imposes affirmative obligations on businesses. Specifically, Tex. Bus. & Com. Code § 521 prohibits obtaining, possessing, transferring, or using personal identifying information of another person without the other person's consent [§ 521.051], and imposes a duty on businesses to protect “sensitive personal information” (SPI = information about the physical or mental health or condition, provision of health care, Payment for the provision of health care to an individual) [§ 521.052].
Follow this link to learn more about more about the Texas Identity Theft Enforcement and Protection Act: https://statutes.capitol.texas.gov/Docs/BC/htm/BC.521.htm
Texas requires schools to address Cyberbullying. Texas Educational Code §§ 37.218 and 37.115 requires schools to respectively develop programming to address and assess threat related to, among other things, cyberbullying, defined as “bullying that is done through the use of any electronic communication device…a social media application, an Internet website, or any other Internet-based communication tool [§ 37.0832].
Follow this link to learn more about more about Texas’s cyberbullying law: https://statutes.capitol.texas.gov/Docs/ED/htm/ED.37.htm
Texas provides for consumer protection against spyware. Tex. Bus. & Com. Code § 324 prohibits, among other things, the unlawful collection or culling of “personally identifiable information” [§ 324.051], unauthorized access to or modification of computer settings, computer damage [§ 324.052], unauthorized interference with computer software [§ 324.053], and the unlawful use or sale of “zombies” or “botnets” [§ 324.055]. The statute also authorizes a private cause of action with some statutory penalties.
Follow this link to learn more about more about the Consumer Protection against Spyware Act: https://statutes.capitol.texas.gov/Docs/BC/htm/BC.324.htm
Texas imposes Information Security Standards for State Agencies. Texas Administrative Code, Chapter 202 sets forth baseline information security standards and practices for Texas state agencies and institutions of higher education.“
Follow this link to learn more about more about Chapter 202: https://texreg.sos.state.tx.us/public/readtac$ext.ViewTAC?tac_view=4&ti=1&pt=10&ch=202
Texas Criminal Laws address a wide variety of pernicious acts:
Tex. Penal Code Sec. 16.02 – Criminalizing wire-tapping – Prohibiting a person from intentionally intercepting a "wire, oral or electronic communication. (Under both Texas and federal law, the interception of a communication is not unlawful if one of the parties to the communication has given prior consent to the interception. TEX. PENAL CODE ANN. § 16.02(c)(4)(A)).
You may follow this link to learn more about the statute: https://statutes.capitol.texas.gov/Docs/PE/htm/PE.16.htm
Tex. Penal Code §. 16.06 – Criminalizing use of unlawful tracking devices – Prohibiting the unlawful installation of a tracking device. See id. § 16.06(b) ("A person commits an offense if the person knowingly installs an electronic or mechanical tracking device on a motor vehicle owned or leased by another person.").
You may follow this link to learn more about the statute: https://statutes.capitol.texas.gov/Docs/PE/htm/PE.16.htm
Tex. Penal Code Sec. 21.16 – Criminalizing revenge porn - A person commits an offense if:
without the effective consent of the depicted person, the person intentionally discloses visual material depicting another person with the person's intimate parts exposed or engaged in sexual conduct;
the visual material was obtained by the person or created under circumstances in which the depicted person had a reasonable expectation that the visual material would remain private;
the disclosure of the visual material causes harm to the depicted person; and
the disclosure of the visual material reveals the identity of the depicted person in any manner, including through: (A) any accompanying or subsequent information or material related to the visual material; or (B) information or material provided by a third party in response to the disclosure of the visual material.
You may follow this link to learn more about the statute: https://statutes.capitol.texas.gov/docs/PE/htm/PE.21.htm
Tex. Penal Code Sec. 32.51 – Criminalizing identity theft - A person commits fraudulent use or possession of identifying information, if the person, with the intent to harm or defraud another, obtains, possesses, transfers, or uses an item of identifying information of another person without the other person's consent.
You may follow this link to learn more about the statute: https://statutes.capitol.texas.gov/Docs/PE/htm/PE.32.htm
Tex. Penal Code Sec. 33 – Criminalizing a number of computer and Internet crimes – and prohibiting, among other things, unauthorized access to a computer, computer network, or computer system, use of ransomware or other electronic data tampering; online impersonation, and unauthorized decryption of private information.
You may follow this link to learn more about the statute: https://statutes.capitol.texas.gov/Docs/PE/htm/PE.33.htm
Tex. Penal Code 42.07 – Criminalizing harassment – Specifically prohibiting sending repeated electronic communications in a manner reasonably likely to harass, annoy, alarm, abuse, torment, embarrass, or offend another.
You may follow this link to learn more about the statute: https://statutes.capitol.texas.gov/Docs/PE/htm/PE.42.htm
Hosch & Morris, PLLC is a Dallas-based boutique law firm dedicated to data protection, privacy, the Internet and technology. Open the Future℠.