| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to a business's electronic transmission of the sensitive |
|
|
personal information of its customers. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Section 521.052, Business & Commerce Code, as |
|
|
effective April 1, 2009, is amended by amending Subsection (c) and |
|
|
adding Subsection (d) to read as follows: |
|
|
(c) Subsections (a) and (b) do [This section does] not apply |
|
|
to a financial institution as defined by 15 U.S.C. Section 6809. |
|
|
(d) A business may not transfer the sensitive personal |
|
|
information of a customer through an electronic transmission, other |
|
|
than a facsimile, to a person outside of the secure computer-based |
|
|
information system of the business unless the business uses |
|
|
encryption to ensure the security of electronic transmissions of |
|
|
its customers' sensitive personal information. In this subsection, |
|
|
"encryption" means the use of an algorithmic process, or another |
|
|
method that is at least as secure as an algorithmic process, to |
|
|
convert data into a form in which meaning cannot be assigned without |
|
|
the use of a key or other confidential process. |
|
|
SECTION 2. This Act takes effect September 1, 2009. |