| S.B. No. 768 | ||
|
|
||
| relating to the process for notifying the attorney general of a | ||
| breach of security of computerized data by persons doing business | ||
| in this state. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. Sections 521.053(i) and (j), Business & Commerce | ||
| Code, are amended to read as follows: | ||
| (i) A person who is required to disclose or provide | ||
| notification of a breach of system security under this section | ||
| shall notify the attorney general of that breach as soon as | ||
| practicable and not later than the 30th [ |
||
| which the person determines that the breach occurred if the breach | ||
| involves at least 250 residents of this state. The notification | ||
| under this subsection must be submitted electronically using a form | ||
| accessed through the attorney general's Internet website and must | ||
| include: | ||
| (1) a detailed description of the nature and | ||
| circumstances of the breach or the use of sensitive personal | ||
| information acquired as a result of the breach; | ||
| (2) the number of residents of this state affected by | ||
| the breach at the time of notification; | ||
| (3) the number of affected residents that have been | ||
| sent a disclosure of the breach by mail or other direct method of | ||
| communication at the time of notification; | ||
| (4) the measures taken by the person regarding the | ||
| breach; | ||
| (5) any measures the person intends to take regarding | ||
| the breach after the notification under this subsection; and | ||
| (6) information regarding whether law enforcement is | ||
| engaged in investigating the breach. | ||
| (j) The attorney general shall post on the attorney | ||
| general's publicly accessible Internet website: | ||
| (1) an electronic form for submitting a notification | ||
| under Subsection (i); and | ||
| (2) a listing of the notifications received by the | ||
| attorney general under Subsection (i), excluding any sensitive | ||
| personal information that may have been reported to the attorney | ||
| general under that subsection, any information that may compromise | ||
| a data system's security, and any other information reported to the | ||
| attorney general that is made confidential by law. The attorney | ||
| general shall: | ||
| (A) [ |
||
| 30th day after the date the attorney general receives notification | ||
| of a new breach of system security; | ||
| (B) [ |
||
| not later than the first anniversary of the date the attorney | ||
| general added the notification to the listing if the person who | ||
| provided the notification has not notified the attorney general of | ||
| any additional breaches under Subsection (i) during that period; | ||
| and | ||
| (C) [ |
||
| updated listing on the attorney general's website. | ||
| SECTION 2. This Act takes effect September 1, 2023. | ||
| ______________________________ | ______________________________ | |
| President of the Senate | Speaker of the House | |
| I hereby certify that S.B. No. 768 passed the Senate on | ||
| April 3, 2023, by the following vote: Yeas 31, Nays 0. | ||
| ______________________________ | ||
| Secretary of the Senate | ||
| I hereby certify that S.B. No. 768 passed the House on | ||
| May 12, 2023, by the following vote: Yeas 139, Nays 1, two | ||
| present not voting. | ||
| ______________________________ | ||
| Chief Clerk of the House | ||
| Approved: | ||
| ______________________________ | ||
| Date | ||
| ______________________________ | ||
|
Statutes affected: Introduced: Commerce Code 521.053 (Commerce Code 521) Senate Committee Report: Commerce Code 521.053 (Commerce Code 521) Engrossed: Commerce Code 521.053 (Commerce Code 521) House Committee Report: Commerce Code 521.053 (Commerce Code 521) Enrolled: Commerce Code 521.053 (Commerce Code 521) | ||