| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to the duty to protect and safeguard sensitive personal |
|
|
information. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Section 521.052, Business and Commerce Code, as |
|
|
added by Chapter 885 (H.B. 2278), Acts of the 80th Legislature, |
|
|
Regular Session, 2007, is amended to read as follows |
|
|
Sec. 521.052. BUSINESS DUTY TO PROTECT SENSITIVE PERSONAL |
|
|
INFORMATION. (a) A business shall implement and maintain |
|
|
reasonable procedures, including taking any appropriate corrective |
|
|
action, to protect from unlawful use or disclosure any sensitive |
|
|
personal information collected or maintained by the business in the |
|
|
regular course of business. |
|
|
(b) A business shall destroy or arrange for the destruction |
|
|
of customer records containing sensitive personal information |
|
|
within the business's custody or control that are not to be retained |
|
|
by the business by: |
|
|
(1) shredding; |
|
|
(2) erasing; or |
|
|
(3) otherwise modifying the sensitive personal |
|
|
information in the records to make the information unreadable or |
|
|
indecipherable through any means. |
|
|
(c) This section does not apply to a financial institution |
|
|
as defined by 15 U.S.C. Section 6809. |
|
|
(d) As used in this section, "business" includes a nonprofit |
|
|
athletic or sports association. |
|
|
SECTION 2. This Act takes effect immediately if it receives |
|
|
a vote of two-thirds of all the members elected to each house, as |
|
|
provided by Section 39, Article III, Texas Constitution. If this |
|
|
Act does not receive the vote necessary for immediate effect, this |
|
|
Act takes effect September 1, 2009. |