Texas Wall Of Shame
In June, Governor Greg Abbott, signed House Bill 3746 into law, which makes changes to Texas's current data breach notification requirements. House Bill 3746 requires the Attorney General to publicly publish a record of data breaches that have an impact on Texas residents. The records will be publically released on the Attorney General's website. What is being considered by many as Texas's "Wall of Shame" follows a recent trend by states to enhance their current privacy laws that were put in place to protect customers and clients. The move by Governor Abbott came after a few other states (Maine, California, and Washington) enacted similar laws.
What Is Required Under the Texas Data Breach Notification Law?
Under House Bill 3746, Texas law will be amended in the form of added data breach notification requirements. Currently, Texas law requires certain businesses that experience a data breach that impacts 250 or more Texans to notify the Office of the Attorney General within 60 days of identifying the breach so the information can be posted on the AG's website.
When the information is reported, the Attorney General cannot include sensitive personal information, information that could jeopardize a system's network security, or information that is deemed confidential by law in the notice. If a year passes and the business does not experience another data breach during that time period, the posting can be removed from the AG's website.
House Bill 3746 adds additional requirements for data breach notifications, including the following:
- Information that details the nature of the breach (as well as the circumstances of the breach) or the use of sensitive personal information that was acquired as a result of the data breach
- The number of residents in Texas who were impacted by the breach at the time of notification
- The measures that the business or organization took regarding the data breach
- The measures business or organization plans to take after notification has been made about the data breach
- Information regarding whether law enforcement is investigating the breach
The Texas data breach notification law will go into effect on September 1. If any incident is subject to the breach notification requirements that have to be reported to the Attorney General, it must meet the above requirements.
How Can You Protect Your Business?
It is important for you to remain alert and address current and future policies and procedures if you have not taken this step already. This should include the following:
- Making updates to your consumer privacy policies and procedures
- Notifying your clients and/or customers of any changes that will be made to your policies and procedures
- Developing enhanced incident response structures
- Understanding the ins and outs of your business or organization's data
- Staying alert of any privacy or data breach laws that will impact your operations
Heavy fines and penalties can be handed down, and many of them are too steep to risk failing to comply with the data breach notification laws. It will certainly help to educate yourself and your employees about the plans for your business and how it will be protected.
If your business or organization maintains sensitive and confidential information of Texas residents, you should take some time to review your procedures, policies, and incident response structures to make sure everything is in place to comply with House Bill 3746 by September 1, 2021.
While we are unsure if the enactment of House Bill 3746 means stricter Texas legislation is on the way, you should continue to monitor legislation development in Texas and globally. Your business or organization should keep privacy and security at the heart of your business as you continue to assess your current and future plans for your business or organization.
How Can You Establish a Positive Cybersecurity Culture?
Many leaders in the industry believe it is time to end the stigma surrounding data breaches and work together to fix the issue. Cybersecurity is hard, and it will take significant effort from various entities. To put an end to data breaches and other cybersecurity problems, it is time for everyone to stop playing the blame game whenever there is a data breach.
Cybersecurity is about facing any form of adversity that is thrown our way, regardless of when or where. When data breaches or other cybersecurity issues make headlines, we are often told about the businesses or organizations that have failed, but what about the ones that succeeded?
There does not have to be a constant stream of negative conversations. Issues will arise in every industry, but we have to learn from those issues and stop playing the blame game. We recommend that businesses or organizations take steps to build a positive security culture, and this can be achieved by doing the following:
- Collaborate with like-minded businesses or organizations because attempting to solve problems individually can result in the loss of time, money, and resources
- Encourage cybersecurity awareness and training, and this can help establish a positive cybersecurity culture that will allow for better communication and collaboration
- Promote a strong defense against cybercrime
Even businesses and organizations that have already implemented taken steps to protect their data and operations are not exempt from data breaches. Businesses and organizations of all sizes and in all industries can become the victim of a data breach when they least expect it.
If your business or organization collects, uses, maintains, or data of any kind, there will always be a risk of a security incident like a data breach. If the security incident involves data from customers or clients, your business or organization could face steep penalties that could make it difficult for your business to recover.
As more states begin to implement privacy laws, it is important to remain alert to ensure that your business is meeting all the requirements so you can avoid landing on the Texas Wall of Shame.
Velocity IT works with Dallas and Fort Worth organizations to keep their information secure, avoid and minimize the risk of a data breach, and more. We have the tools and resources your organization needs to prepare for and mitigate the liability and costs associated with data breaches and other security incidents. Contact Velocity IT today to book your free consultation.