ETFOptimize | High-performance ETF-based Investment Strategies

Quantitative strategies, Wall Street-caliber research, and insightful market analysis since 1998.


ETFOptimize | HOME
Close Window

Data Breach? State Laws Require Notification of Affected Parties

 

Originally Posted On: https://deckerjones.com/news/data-breach-state-laws-require-notification-of-affected-parties/

 

Data Breach? State Laws Require Notification of Affected Parties

Data breaches are becoming increasingly common, especially with the rapid advancement of technology and AI. According to a 2022 study by Forrester, nearly 75% of surveyed organizations were victims of a data breach. Equally alarming is that in the first nine months of 2023 data breaches increased in the U.S. by nearly 20% compared to the 12 months prior. Because the risk is progressively high, it is important for Texas business owners and executives to be prepared.

A data breach is a security violation in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, altered, or used by an individual unauthorized to do so. This situation can result in disastrous consequences, such as lost business revenue, plummeting stock prices, organizational disruption, and damaging personal exposure. Another unpleasant and unexpected consequence can be civil penalties for failure to properly report the breach.

Certain types of data breaches must be reported under Texas’ data breach notification statute, i.e., Section 521.053 of the Texas Business & Commerce Code. Specifically, the statute covers the unauthorized access, use, or disclosure of “sensitive personal information” — such as one’s Social Security number, driver’s license number, credit card number, bank account number, or health information. If such a breach occurs in your business (“business” can include for-profit, nonprofit, and even governmental entities), you must report the breach to any affected parties. Failure to properly report is no trivial matter, possibly resulting in civil penalties of up to $50,000 per violation.

Thus, it is critical that you understand what to do (and especially what is required by law) in the event of a data breach.

Knowledge of Texas’ statutory deadlines is key. In general, a Texas business must notify affected individuals within 60 days of a breach. This deadline may be delayed or modified under certain circumstances, as provided in the statute.

Additionally, if the data breach involves at least 250 Texas residents, a Texas business must notify the Attorney General within 30 days of breach. The Attorney General’s website provides specific instructions on how to give notice. Businesses are typically reluctant to self-report to the Attorney General, but due to the risk of onerous penalties, proper reporting is a high priority.

To ensure compliance with the statute, I would recommend implementing a security policy that tracks the requirements of the statute and addresses how, when, and to whom notice should be given in the event of a data breach.

Such a policy would be especially helpful if you conduct business in multiple states. All 50 states, the District of Columbia, and U.S. territories have their own data breach notification statutes, and many of them have different deadlines and other requirements. This means your business may have to comply with multiple state statutes. You can be prepared with a comprehensive security policy that keeps track of important requirements, such as deadlines.

For example, if your business operates in Texas, Oklahoma, and New Mexico, your policy must account for the fact that New Mexico has a shorter, 45-day deadline (as opposed to Texas’ 60-day deadline) to notify individuals. A helpful summary of each state’s statutory requirements can be found here.

You’ve heard the saying, “a best defense is a good offense.” Savvy businesses should take this opportunity to be proactive by taking not only prevention measures, such as investing in a good security software and IT services, but also anticipatory measures — that is, having a clear policy and procedure in place when all else fails.

###

Kiala E. Ellingson is an associate attorney at Decker Jones, P.C., where she focuses on commercial litigation and intellectual property. She joined the firm recently in 2023, bringing with her a strong background in STEM that informs her unique interdisciplinary approach practicing law.

https://fortworthinc.com/commentary/data-breach-state-laws-require-notification-of-affected-part/

Data & News supplied by www.cloudquote.io
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.


 

IntelligentValue Home
Close Window

DISCLAIMER

All content herein is issued solely for informational purposes and is not to be construed as an offer to sell or the solicitation of an offer to buy, nor should it be interpreted as a recommendation to buy, hold or sell (short or otherwise) any security.  All opinions, analyses, and information included herein are based on sources believed to be reliable, but no representation or warranty of any kind, expressed or implied, is made including but not limited to any representation or warranty concerning accuracy, completeness, correctness, timeliness or appropriateness. We undertake no obligation to update such opinions, analysis or information. You should independently verify all information contained on this website. Some information is based on analysis of past performance or hypothetical performance results, which have inherent limitations. We make no representation that any particular equity or strategy will or is likely to achieve profits or losses similar to those shown. Shareholders, employees, writers, contractors, and affiliates associated with ETFOptimize.com may have ownership positions in the securities that are mentioned. If you are not sure if ETFs, algorithmic investing, or a particular investment is right for you, you are urged to consult with a Registered Investment Advisor (RIA). Neither this website nor anyone associated with producing its content are Registered Investment Advisors, and no attempt is made herein to substitute for personalized, professional investment advice. Neither ETFOptimize.com, Global Alpha Investments, Inc., nor its employees, service providers, associates, or affiliates are responsible for any investment losses you may incur as a result of using the information provided herein. Remember that past investment returns may not be indicative of future returns.

Copyright © 1998-2017 ETFOptimize.com, a publication of Optimized Investments, Inc. All rights reserved.