The bill would amend Title 4, Business and Commerce Code by adding new Chapter 50 to require that a person who owns, licenses, or maintains computerized data that includes identifying information must notify the person of any breach of the security of the person’s information within a reasonable amount of time unless a delay is requested by a law enforcement agency. Notification is to be in writing or by electronic notice. This chapter does not apply to a person who maintains federal, state, or local government records available to the public.

The Attorney General, or the county attorney, are authorized to bring suit to recover a civil penalty not to exceed $1 million for each violation and recover court costs and attorney fees.  This Act takes effect on September 1, 2005.

The OAG anticipates any legal work resulting from the passage of this bill could be reasonably absorbed with current resources.