Sunday, April 10, 2005

Texas Considering Security Breach Notification Law

PrivacySpot is reporting that the state of Texas is considering a privacy breach notification law, similar to the law already in place in California:

One Million Dollars: Texas Considering Security Breach Notification Law | PrivacySpot.com - Privacy Law and Data Protection:

"...The law would require a person 'that owns or licenses computerized data that includes identifying information of a resident of this state' to notify the resident of any computer security breach if the resident's unencrypted identifying information was, or was reasonably believed to have been, obtained by an unauthorized person.

Notification would be required within a reasonable time after the data controller discovered the security breach, taking into consideration any law enforcement agency requests to delay the notification and any measures necessary to determine the scope of the breach or restore the reasonable integrity of the data system. A data controller that has notification procedures built in to its data security policy could use those notification procedures so long as they were not inconsistent with the timing requirements of the law...."

No comments: