| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to acquisition of personal information in a business |
|
|
record through fraudulent means. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Title 4, Business & Commerce Code, is amended by |
|
|
adding Chapter 50 to read as follows: |
|
|
CHAPTER 50. PROTECTION OF PERSONAL INFORMATION IN A BUSINESS |
|
|
RECORD |
|
|
SUBCHAPTER A. GENERAL PROVISIONS |
|
|
Sec. 50.001. DEFINITIONS. In this chapter: |
|
|
(1) "Business record": |
|
|
(A) means any material on which information is |
|
|
recorded or preserved, including information that is: |
|
|
(i) in written or spoken words; |
|
|
(ii) graphically depicted; |
|
|
(iii) printed; or |
|
|
(iv) electromagnetically transmitted; and |
|
|
(B) does not include a publicly available |
|
|
directory containing information that an individual has |
|
|
voluntarily consented to have publicly disseminated, including the |
|
|
individual's name, address, or telephone number. |
|
|
(2) "Customer" means an individual who provides |
|
|
personal information to a business to purchase or lease a product or |
|
|
obtain a service from the business. |
|
|
(3) "Personal information" means any information that |
|
|
identifies, relates to, or describes an individual, including the |
|
|
individual's: |
|
|
(A) name or signature; |
|
|
(B) social security number, passport number, |
|
|
driver's license number, or state identification card number; |
|
|
(C) physical characteristics; |
|
|
(D) address, telephone number, or telephone |
|
|
calling pattern record or list; |
|
|
(E) insurance policy number; |
|
|
(F) education, employment, or employment |
|
|
history; and |
|
|
(G) bank account number, credit card or debit |
|
|
card number, or any other financial information. |
|
|
Sec. 50.002. APPLICABILITY OF CHAPTER. This chapter does |
|
|
not apply to an action taken by: |
|
|
(1) a law enforcement agency or an officer, employee, |
|
|
or agent of that agency in connection with the performance of an |
|
|
official duty of the agency to obtain a customer's or employee's |
|
|
personal information contained in a business record; or |
|
|
(2) a business or an officer, employee, or agent of the |
|
|
business to obtain a customer's or employee's personal information |
|
|
contained in a business record for: |
|
|
(A) testing the security procedures of the |
|
|
business for maintaining the confidentiality of a customer's or |
|
|
employee's personal information; |
|
|
(B) investigating an allegation of misconduct or |
|
|
negligence on the part of an officer, employee, or agent of the |
|
|
business; |
|
|
(C) recovering the personal information of a |
|
|
customer or employee of the business that was obtained or received |
|
|
by another person in the manner prohibited by Section 50.051; or |
|
|
(D) analyzing customer records for a pattern of |
|
|
activity to identify fraud or identity theft. |
|
|
Sec. 50.003. WAIVER OF CHAPTER PROHIBITED. A waiver of a |
|
|
provision of this chapter is void. |
|
|
Sec. 50.004. EFFECT OF CHAPTER ON SUBPOENA OR COURT ORDER. |
|
|
This chapter does not prevent a person from obtaining personal |
|
|
information through a subpoena or court order. |
|
|
[Sections 50.005-50.050 reserved for expansion] |
|
|
SUBCHAPTER B. PROTECTION OF PERSONAL INFORMATION IN A BUSINESS |
|
|
RECORD FROM ACQUISITION THROUGH FRAUDULENT MEANS |
|
|
Sec. 50.051. OBTAINING PERSONAL INFORMATION BY CERTAIN |
|
|
MEANS PROHIBITED. (a) A person may not obtain or attempt to |
|
|
obtain, or cause to be disclosed or attempt to cause to be |
|
|
disclosed, a customer's or employee's personal information |
|
|
contained in a business record by: |
|
|
(1) making a false or fraudulent statement or |
|
|
representation to an officer, employee, agent, or customer of a |
|
|
business; or |
|
|
(2) providing a document to an officer, employee, or |
|
|
agent of a business if the person knows that the document: |
|
|
(A) is forged, counterfeit, lost, stolen, or |
|
|
fraudulently obtained; or |
|
|
(B) contains a false or fraudulent statement or |
|
|
representation. |
|
|
(b) A person may not request that another person obtain a |
|
|
customer's or employee's personal information contained in a |
|
|
business record if the requesting person knows that the other |
|
|
person will obtain or attempt to obtain the information in a manner |
|
|
prohibited by Subsection (a). |
|
|
[Sections 50.052-50.100 reserved for expansion] |
|
|
SUBCHAPTER C. ENFORCEMENT |
|
|
Sec. 50.101. REMEDIES CUMULATIVE. The remedies provided in |
|
|
this subchapter are cumulative. |
|
|
Sec. 50.102. PERSONAL INFORMATION OBTAINED IN VIOLATION OF |
|
|
THIS CHAPTER INADMISSIBLE. Any personal information that a person |
|
|
obtains in violation of this chapter is inadmissible as evidence in |
|
|
a judicial, administrative, legislative, or other proceeding |
|
|
unless the information is offered as proof in an action for a |
|
|
violation of this chapter. |
|
|
Sec. 50.103. PRIVATE CAUSE OF ACTION. (a) A customer or |
|
|
employee of a business who is injured by a violation of this chapter |
|
|
may bring an action against a person for: |
|
|
(1) actual damages; |
|
|
(2) statutory damages as provided by Subsection (b); |
|
|
and |
|
|
(3) an injunction against a violation or threatened |
|
|
violation of this chapter. |
|
|
(b) If the trier of fact in an action brought under this |
|
|
section finds that the actions of the defendant were wilful, |
|
|
intentional, or reckless, the injured person is entitled to |
|
|
statutory damages not to exceed $3,000 for each violation. If the |
|
|
trier of fact finds that the actions of the defendant were not |
|
|
wilful, intentional, or reckless, the injured person is entitled to |
|
|
statutory damages not to exceed $500 for each violation. |
|
|
(c) A plaintiff who prevails in an action under this chapter |
|
|
is entitled to reasonable attorney's fees and costs. |
|
|
SECTION 2. This Act takes effect September 1, 2007. |