AUTHOR'S / SPONSOR'S STATEMENT OF INTENT
S.B. 1610 amends current law relating to the notification of individuals following a breach of security of computerized data.
RULEMAKING AUTHORITY
This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.
SECTION BY SECTION ANALYSIS
SECTION 1. Amends Sections 521.053(b-1) and (e), Business & Commerce Code, as follows:
(b-1) Authorizes the notice of the breach of system security required under Subsection (b) (relating to requiring a person who conducts business and owns computer data to disclose any breach of system security), if the individual whose sensitive personal information was or is reasonably believed to have been acquired by an unauthorized person is a resident of a state that requires a person described by Subsection (b) to provide notice of a breach of system security, to be provided under that state's law or under Subsection (b), rather than provides that, if the individual is a resident of a state that requires a person described by Subsection (b) to provide notice of a breach of system security, the notice of the breach of system security provided under that state's law satisfies the requirements of Subsection (b). Deletes existing text providing that notwithstanding Subsection (b), the requirements of Subsection (b) apply only if the individual whose sensitive personal information was or is reasonably believed to have been acquired by an unauthorized person is a resident of this state or another state that does not require a person described by Subsection (b) to notify the individual of a breach of system security.
(e) Authorizes a person to give notice as required by Subsection (b) or (c) (relating to requiring any person who maintains computerized data that includes sensitive personal information not owned by the person to report upon discovering a breach) by providing written notice at the last known address of the individual.
SECTION 2. Effective date: upon passage or September 1, 2013.