S.B. No. 2610 introduces a new chapter, Chapter 542, to the Business & Commerce Code, which establishes a framework for limiting civil liability for business entities in Texas in the event of a breach of system security. The bill specifies that it applies to business entities with fewer than 250 employees that own or license computerized data containing sensitive personal information. It prohibits the recovery of exemplary damages in lawsuits related to such breaches if the business can demonstrate that it had implemented and maintained a compliant cybersecurity program at the time of the breach.

The bill outlines the requirements for a cybersecurity program, which must include administrative, technical, and physical safeguards, conform to an industry-recognized cybersecurity framework, and be tailored to the size of the business. It also clarifies that the chapter does not create a private cause of action or alter existing legal duties. The provisions of this bill will take effect on September 1, 2025, and will only apply to causes of action that accrue on or after that date.

Statutes affected:
Introduced: ()
Senate Committee Report: ()
Engrossed: ()
House Committee Report: ()
Enrolled: ()