Who must comply with the Texas Data Privacy and Security Act (“TDPSA”)?
The TDPSA applies only to a person that:
-
Conduct business in Texas or produce products or services consumed by Texas residents;
-
Processes or engages in the sale of personal data; and
-
Is not a small business as defined by the U.S. Small Business Administration, unless the small business is involved in the sale of sensitive personal information.
The applicability standard is broader than most other state privacy laws previously enacted because it does not have a revenue threshold or one related to the number of consumers’ data must be controlled or processed. Instead, the applicability is based on whether the business qualifies a “small business,” which is a variable, context-specific standard, the status of which can be undone by its affiliations.
For more information, see here: https://texas.public.law/statutes/tex._bus._and_com._code_title_11_subtitle_c_chapter_541
These materials were obtained directly from the State Legislative websites and are posted here for your review and reference only. No Claim to Original State Government Works. This may not be the most recent version. The State may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.