Texas
Texas Data Privacy and Security Act (TDPSA)
| Passed | June 16, 2023 |
| Effective Date | July 1, 2024 |
| Who it applies to |
Any entity doing business in Texas or that produces products or services for Texas residents and processes personal data. Exempt entities include nonprofits, government agencies, higher education institutions, and financial institutions subject to the Gramm-Leach-Bliley Act (GLBA). |
| Penalties | Up to $5,000 per violation |
What’s notable about it:
The Texas TDPSA applies to businesses of all sizes. But “small businesses” (as defined by the Small Business Administration) only have one requirement: Get consent before selling sensitive data. Larger businesses have much stricter data-selling requirements and must publish disclaimers if they sell sensitive or biometric data. Interestingly, it does not attach any monetary thresholds to its applicability criteria, making its reach broader than many other state laws.