This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
header image


Texas Data Privacy and Security Act (TDPSA)

Passed June 16, 2023
Effective Date July 1, 2024
Who it applies to

Any entity doing business in Texas or that produces products or services for Texas residents and processes personal data. Exempt entities include nonprofits, government agencies, higher education institutions, and financial institutions subject to the Gramm-Leach-Bliley Act (GLBA).

Penalties Up to $5,000 per violation

What’s notable about it:

The Texas TDPSA applies to businesses of all sizes. But “small businesses” (as defined by the Small Business Administration) only have one requirement: Get consent before selling sensitive data. Larger businesses have much stricter data-selling requirements and must publish disclaimers if they sell sensitive or biometric data. Interestingly, it does not attach any monetary thresholds to its applicability criteria, making its reach broader than many other state laws.

The Strict Spectrum

Less Strict