Texas recently enacted an amendment to its data breach notification law. As of September 1, 2023, there are two changes to the requirements when notifying the Texas Attorney General. In Texas, breaches of 250 residents or more must be reported to the Attorney General. Now, as amended, this will need to be done so as soon as practicable, and not later than 30 days from determination of the breach (previously, it was 60 days). Texas joins Colorado, Florida, and Washington in requiring notice within a 30-day time frame. Notification in Texas must also be submitted electronically using a form on the AG’s website.
Putting it Into Practice: These changes are a reminder that states continue to update their breach notification laws. Companies should keep in mind the upcoming change in Texas from 60 to 30 days. Additionally, companies may want to otherwise review their incident response plans at the end of the calendar year.