{"id":4249,"date":"2023-06-25T05:05:00","date_gmt":"2023-06-25T11:05:00","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=resource&#038;p=4249"},"modified":"2025-07-16T13:56:36","modified_gmt":"2025-07-16T18:56:36","slug":"texas-data-privacy-and-security-act","status":"publish","type":"resource","link":"https:\/\/trustarc.com\/resource\/texas-data-privacy-and-security-act\/","title":{"rendered":"Background Brief: Texas Data Privacy and Security Act"},"content":{"rendered":"\t\t<section id=\"block_6a702acebebc348d573e7d509d59bb53\" class=\"resource-intro intro-simple\">\n\t\t\t<div class=\"container\">\n\t\t\t\t\t\t\t\t\t<strong class=\"sub-title block uppercase\">Article<\/strong>\n\t\t\t\t\t\t\t\t\t\t<h1>Background brief: Texas Data Privacy and Security Act  <\/h1>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t<section id=\"block_53b0c8e7290ec0ab7e8c1c1bbac0a7e0\" class=\"columns-content\">\n\t\t<div class=\"container\">\n\t\t\t<div class=\"left\">\n\t\t\t\t\t\t\t<\/div>\n\t\t\t<div class=\"middle\">\n\t\t\t\t<div class=\"content\">\n\t\t\t\t\t<p>Texas has followed California\u2019s lead and adopted the <a href=\"https:\/\/capitol.texas.gov\/tlodocs\/88R\/billtext\/pdf\/HB00004F.pdf#navpanes=0\" target=\"_blank\" rel=\"noopener\">Texas Data Privacy and Security Act<\/a> (TDPSA), a set of consumer privacy laws similar to the California Consumer Privacy Act (CCPA) giving consumers greater protections for their personal data and more control over how organizations may collect and process that data.<\/p>\n<p>TDPSA was signed into law on June 18, 2023, and most of its provisions are effective from July 1, 2024.<\/p>\n<h2>Texas Data Privacy and Security Act: Key dates<\/h2>\n<ul>\n<li><strong>March 8, 2019<\/strong> \u2013 responding to growing demand among Texans for stronger consumer privacy protections like those in California, two Texan Representatives file privacy bills in the House on the same day. Rep. Giovanni Capriglione files <a href=\"https:\/\/capitol.texas.gov\/tlodocs\/86R\/billtext\/pdf\/HB04390I.pdf#navpanes=0\" target=\"_blank\" rel=\"noopener\">HB 4390<\/a> (aka the) \u2018Texas Privacy Protection Act\u2019 and Rep. Trey Martinez Fischer files <a href=\"https:\/\/capitol.texas.gov\/tlodocs\/86R\/billtext\/pdf\/HB04518I.pdf#navpanes=0\" target=\"_blank\" rel=\"noopener\">HB 4518<\/a> (aka the) \u2018Texas Consumer Privacy Act\u2019.<\/li>\n<li><strong>April 2, 2019<\/strong> \u2013 both bills are heard during a public meeting of the Texas House Committee on Business and Industry. During his presentation, Rep. Caprigliogne says, <em>\u201cWhat my bill aims to do is to provide a little bit more regulation, a little bit more oversight, into the information that is being collected on us, about us, every single day without our knowledge \u2013 a lot of times without our permission.\u201d<\/em>\n<ul>\n<li>As Rep. Martinez Fischer\u2019s presentation is second, he notes, <em>\u201cI fully appreciate and recognize that there might be higher-ups in the federal government that could grade our papers on this, and come up with a solution that can be applied to the entire nation. But unless and until that happens, I think we can\u2019t just sit on our hands and watch time go by.\u201d<\/em><\/li>\n<li>Reps. Martinez Fischer and Capriglione then collaborate on revising HB 4390 to get it ready for a vote in the House.<\/li>\n<\/ul>\n<\/li>\n<li><strong>May 7, 2019<\/strong> \u2013 Texas House Bill 4390 goes to vote in the House and passes with a unanimous 140-0 vote in favor.<\/li>\n<li><strong>May 9, 2019<\/strong> \u2013 Rep. Martinez Fischer explains to the <a href=\"https:\/\/sanantonioreport.org\/state-rep-trey-martinez-fischer-helps-push-digital-privacy-bill-through-house\/\" target=\"_blank\" rel=\"noopener\">San Antonio Report why he backed HB 4390<\/a>: <em>\u201cData privacy is becoming a big issue. More importantly, as we continue to see pretty much nothing happening in the United States Congress, it\u2019s incumbent upon the states to act.\u201d<\/em>\n<ul>\n<li>A statement from Rep. Capriglione published in the same article says: <em>\u201cToday, data privacy initiatives require unique and robust solutions to defend people\u2019s right to privacy. A Texas solution would not burden businesses, but would put Texans first.\u201d<\/em><\/li>\n<\/ul>\n<\/li>\n<li><strong>June 18, 2023<\/strong> \u2013 Texas Governor Greg Abbott signs into law the Texas Data Privacy and Security Act.<\/li>\n<li><strong>July 1, 2024<\/strong> \u2013 Texas Data Privacy and Security Act becomes effective.<\/li>\n<li><strong>January 1, 2025<\/strong> \u2013 Additional provision in TDSPA for universal opt-out signals (e.g. Global Privacy Control) becomes effective.<\/li>\n<\/ul>\n<h2>Texans\u2019 personal data privacy rights under TDPSA<\/h2>\n<p><a href=\"https:\/\/capitol.texas.gov\/tlodocs\/88R\/billtext\/pdf\/HB00004F.pdf#navpanes=0\" target=\"_blank\" rel=\"noopener\">Consumers are defined in the Texas Data Privacy and Security Act<\/a> as residents of Texas acting as individuals (on their behalf) or a households. This definition excludes individuals acting in a business or employment capacity.<\/p>\n<p><strong>Personal data<\/strong> is defined as any information \u201clinked or reasonably linkable to an identified or identifiable individual\u201d. This definition of <strong>personal information<\/strong> covers pseudonymous data when \u201cthe data is used by a controller or processor in conjunction with additional information that reasonably links the data to an identified or identifiable individual. The term does not include de-identified data or publicly available information.\u201d<\/p>\n<p>The main personal data privacy rights gained by Texans include:<\/p>\n<ul>\n<li><strong>Right to know\/confirm<\/strong> whether a data controller is processing their personal data.<\/li>\n<li><strong>Right to access<\/strong> their own data held and processed by a controller.<\/li>\n<li><strong>Right to data portability<\/strong>, allowing a consumer to obtain a copy of their personal data they\u2019ve previously given the provider.<\/li>\n<li><strong>Right to correct<\/strong> inaccuracies in records of personal data held by a controller.<\/li>\n<li><strong>Right to delete<\/strong> records of personal data held by a controller, whether that data was provided by the consumer, or obtained about them through other means (such as data sharing arrangements).<\/li>\n<li><strong>Right to opt-out from processing of personal data<\/strong>, including opting-out from having their personal data processed for sale, profiling and\/or targeted advertising.<\/li>\n<li><strong>Right not to be discriminated against<\/strong> for exercising privacy rights (the Act also covers consumers\u2019 rights not to have personal data processed in violation of state and federal laws that prohibit unlawful discrimination against consumers).<\/li>\n<li><strong>Right to only have sensitive data collected by prior <em>informed<\/em> and <em>unambiguous<\/em> consent<\/strong> \u2013 this provision restricts controllers from collecting or processing any personal data defined as \u2018sensitive\u2019.<\/li>\n<\/ul>\n<p><strong>Sensitive data<\/strong> is defined as information about a person\u2019s:<\/p>\n<ul>\n<li>Race or ethnicity<\/li>\n<li>Religious belief<\/li>\n<li>Mental or physical health diagnosis<\/li>\n<li>Sexuality<\/li>\n<li>Citizenship or immigration status<\/li>\n<li>Genetic or biometric data that could be used to identify a person<\/li>\n<li>Precise geolocation (i.e. data identifying where a person is located within a radius of 1,750 feet).<\/li>\n<\/ul>\n<p>Consumers can exercise their personal data rights under the Texas Data Privacy and Security Act by lodging requests with data controllers, noting which consumer right\/s they want to exercise. Parents and legal guardians of children (defined as children under age 13) can exercise a child\u2019s rights on their behalf.<\/p>\n<h3>Universal opt-out signals \/ Global Privacy Control under TDPSA<\/h3>\n<p>From January 1, 2025, some provisions for consumers to assign (or submit) universal opt-out signals via authorized third parties (for example, via Global Privacy Control) will become effective.<\/p>\n<p>Controllers must comply with opt-out requests from authorized agents if they can verify \u201cwith commercially reasonable effort\u201d a consumer\u2019s identity and the authorized agent\u2019s authority to act on the consumer\u2019s behalf.<\/p>\n<p>The rules for opt-out signals state:<\/p>\n<ul>\n<li>\u201cA consumer may designate another person to serve as the consumer\u2019s authorized agent and act on the consumer \u2019s behalf to opt out of the processing of the consumer\u2019s personal data.\u201d<\/li>\n<li>\u201cA consumer may designate an authorized agent using a technology, including a link to an Internet website, an Internet browser setting or extension, or a global setting on an electronic device, that allows the consumer to indicate the consumer \u2019s intent to opt out of the processing.\u201d<\/li>\n<\/ul>\n\t\t\t\t\t\t\t\t\t<div class=\"question-box-multiple\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"question-box bg-dark\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Online-Privacy_Small.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>GPC and Known User Consent<\/h4>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>Understand GPC and the regulations that require universal opt-out mechanism compliance.<\/p>\n<a href=\"\/resource\/global-privacy-control-known-user-consent\/\" class=\"cta\">Read now<\/a>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"question-box bg-white\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Insight_Small.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>Nymity Privacy Management Accountability Framework<\/h4>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p data-sider-select-id=\"dae8c56d-ff2a-4820-84c2-46c5eb6b24d6\">A operational structure to comply with the world\u2019s privacy requirements.<\/p>\n<a href=\"\/resource\/nymity-privacy-management-accountability-framework\/\" class=\"cta\">Download now<\/a>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<h2>Which businesses are subject to Texas privacy law?<\/h2>\n<p>The Texas Data Privacy and Security Act has a very broad definition of business organizations and individuals who must comply with its rules \u2013 and unlike similar privacy laws in other states, it does not have thresholds based on revenue or other numbers (such as the size of customer base).<\/p>\n<p>The text in Section 541.002 of the TDPSA states the act \u201capplies only to a person\u201d that:<\/p>\n<ul>\n<li>Conducts business in Texas; or<\/li>\n<li>Produces a product or service consumed by residents of Texas; or<\/li>\n<li>Processes or engages in the sale of personal data (note: this part of the definition means more individuals or small businesses are not excluded by the next qualifier; though it is restated anyway); or<\/li>\n<li>Is not defined as a small business by the United States Small Business Administration (the SBA defines a small business as \u201can independent business having fewer than 500 employees\u201d) \u2013 \u201cexcept to the extent that Section 541.107 applies to a person described by this subdivision\u201d<br \/>\n<strong>Note:<\/strong> Sec. 541.107 states that a person covered by the definitions listed above \u201cmay not engage in the sale of personal data that is sensitive data without receiving prior consent from the consumer\u201d.<\/li>\n<\/ul>\n<h3>Which organizations are not subject to TDPSA?<\/h3>\n<p>The Act includes exemptions for several types of organizations under Sec. A541.002 (3)(b), which states its rules do not apply to any:<\/p>\n<ul>\n<li>Texas state agency; or<\/li>\n<li>Political subdivision of Texas; or<\/li>\n<li>Financial institution or data subject to Title 10 V of the <a href=\"https:\/\/www.ftc.gov\/business-guidance\/privacy-security\/gramm-leach-bliley-act\" target=\"_blank\" rel=\"noopener\">Gramm-Leach-Bliley Act<\/a> (15 U.S.C. Section 6801 et seq.), which already \u201crequires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data\u201d; or<\/li>\n<li>Covered entity or business associate already governed by the <a href=\"\/resource\/hipaa-compliance-privacy-solutions\/\">Health Insurance Portability and Accountability Act (HIPAA)<\/a> and other applicable federal and state healthcare and medical laws; or<\/li>\n<li>Nonprofit organization; or<\/li>\n<li>Higher education institution; or<\/li>\n<li>Electricity industry organization such as an electric utility, power generation company or retail electric provider.<\/li>\n<\/ul>\n<h2>Texas Data Privacy and Security Law compliance obligations<\/h2>\n<p>The key compliance obligations for controllers subject to TDPSA aim to give Texans more control over how much personal information and what that data is used for.<\/p>\n<p>Controllers are required to:<\/p>\n<ul>\n<li><strong>Limit processing<\/strong> of personal information only to what is adequate, relevant and necessary for the stated purposes of processing (i.e. to deliver a product or service).<\/li>\n<li><strong>Notify consumers<\/strong> \u2013 with a clear, easy-to-understand privacy notice \u2013 of their privacy rights, including rights to opt out, the categories of personal information that may be collected, and the purposes of collecting and processing that data. Controllers must also notify consumers with separate notices and gain consent if the controller intends to collect and sell sensitive data or biometric data; or sell personal data for targeted advertising.<\/li>\n<li><strong>Not process personal data<\/strong> in violation of state and federal laws that prohibit unlawful discrimination against consumers.<\/li>\n<li><strong>Not discriminate<\/strong> against a consumer for exercising their privacy rights.<\/li>\n<li><strong>Gain a consumer\u2019s informed and unambiguous consent<\/strong> (or in the case of a child under 13, consent from their parent\/guardian) before collecting any sensitive data (see notes above outlining Texans\u2019 Personal Data Privacy Rights).<\/li>\n<li><strong>Ensure security<\/strong> of personal data by implementing and maintaining \u201creasonable administrative, technical, and physical data security practices that are appropriate to the volume and nature of the personal data at issue\u201d.<\/li>\n<li><strong>Conduct data protection assessments<\/strong> to reduce risks associated with any of the following: processing data for targeted advertising or profiling, selling personal data, and processing sensitive data.<\/li>\n<li><strong>Maintain contracts with any third-party processors<\/strong> that ensure they are also compliant with TDPSA requirements for processing data.<\/li>\n<li><strong>Respond to consumer personal data requests<\/strong> within 45 days (in some cases a 45-day extension is allowed).<\/li>\n<li><strong>Publicly disclose<\/strong> any data breach within two months.<\/li>\n<\/ul>\n<h2>Penalties for non-compliance with Texas Data Privacy and Security Law<\/h2>\n<p>The <a href=\"https:\/\/www.texasattorneygeneral.gov\/\" target=\"_blank\" rel=\"noopener\">Texas Attorney General<\/a> is the only office in Texas with authority to enforce TDPSA compliance. Individuals cannot initiate a private right of action, but they can notify the Attorney General of alleged violations.<\/p>\n<p>The Attorney General must give a person (i.e. controller or processor) alleged to violate TDPSA:<\/p>\n<ul>\n<li>At least 30 days written notice it intended to take enforcement action \u2013 the notice will explain the specific provision\/s of the Act that have been or are being violated; and<\/li>\n<li>Opportunity to cure the alleged violation\/s within 30 days.<\/li>\n<\/ul>\n<p>Cures of alleged violations must be completed within the 30 days and the persona must deliver a written statement to the AG detailing:<\/p>\n<ul>\n<li>Action taken to cure the violation\/s;<\/li>\n<li>Changes made to internal policies (if necessary) to prevent further violations;<\/li>\n<li>Notices given to consumer\/s whose privacy was violated about the actions taken to address privacy violation\/s (if the consumer\u2019s contact information has been made available to the person alleged to violate the Act);<\/li>\n<\/ul>\n<p>An individual or organization failing to cure any violation\/s can be fined up to $7,500 per violation.<\/p>\n<h2>TrustArc solutions for compliance with Texas Data Privacy Laws<\/h2>\n<p>TrustArc helps businesses manage compliance with all relevant privacy regulations, including the Texas Data Privacy and Security Act.<\/p>\n\t\t\t\t\t\t\t\t\t<div class=\"question-box-multiple\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"question-box bg-white\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Consent_Small.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>Consent &amp; Preference Manager<\/h4>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>Honor customer preferences at every touchpoint.<\/p>\n<a href=\"\/products\/consent-consumer-rights\/consent-preference-manager\/\" class=\"cta\">Learn more<\/a>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"question-box bg-dark\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Folder_Small.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>Nymity Research<\/h4>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>Stay up to date on hundreds of global privacy laws, regulations, and standards.<\/p>\n<a href=\"\/products\/privacy-data-governance\/nymity-research\/\" class=\"cta\">Start today<\/a>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t<div class=\"right sm\">\n\t\t\t\t<div class=\"share-it\">\n\t\t\t\t\t<strong class=\"title block uppercase\">Follow us<\/strong>\n\t\t\t\t\t<div class=\"soc-list\">\n\t\t\t\t\t\t<a href=\"https:\/\/www.linkedin.com\/company\/trustarc\/\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/li-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<a href=\"\nhttps:\/\/twitter.com\/TrustArc\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/tw-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<a href=\"javascript:;\" id=\"copy-url\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/link-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<span class=\"copied\" style=\"display:none;\">Link Copied!<\/span>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"key-topics\">\n\t\t\t\t\t\t<strong class=\"title block uppercase\">Key Topics<\/strong>\n\t\t\t\t\t\t<ul>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li><a href=\"https:\/\/trustarc.com\/topic-resource\/us-consumer-privacy-laws\/\" class=\"badge\">US Consumer Privacy Laws<\/a><\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"cta-area\">\n\t\t\t\t\t<p>Get the latest resources sent to your inbox<\/p>\n\t\t\t\t\t<a href=\"\/subscription-center\/\" class=\"cta\">Subscribe<\/a>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/section>\n\t","protected":false},"excerpt":{"rendered":"<p>The Texas Data Privacy and Security Act is a comprehensive law designed to protect consumers in the state.<\/p>\n","protected":false},"featured_media":1694,"template":"","topic-resource":[114],"type-resource":[6],"class_list":["post-4249","resource","type-resource","status-publish","has-post-thumbnail","hentry","topic-resource-us-consumer-privacy-laws","type-resource-articles"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Background Brief: Texas Data Privacy and Security Act | TrustArc<\/title>\n<meta name=\"description\" content=\"The Texas Data Privacy and Security Act is the state\u2019s comprehensive data privacy law giving consumers greater protection and control over how their data is collected or used.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/trustarc.com\/resource\/texas-data-privacy-and-security-act\/\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/texas-data-privacy-and-security-act\\\/\",\"url\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/texas-data-privacy-and-security-act\\\/\",\"name\":\"Background Brief: Texas Data Privacy and Security Act | TrustArc\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/texas-data-privacy-and-security-act\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/texas-data-privacy-and-security-act\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/res-feat-rect-pink.png\",\"datePublished\":\"2023-06-25T11:05:00+00:00\",\"dateModified\":\"2025-07-16T18:56:36+00:00\",\"description\":\"The Texas Data Privacy and Security Act is the state\u2019s comprehensive data privacy law giving consumers greater protection and control over how their data is collected or used.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/trustarc.com\\\/resource\\\/texas-data-privacy-and-security-act\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/texas-data-privacy-and-security-act\\\/#primaryimage\",\"url\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/res-feat-rect-pink.png\",\"contentUrl\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/res-feat-rect-pink.png\",\"width\":610,\"height\":152},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/#website\",\"url\":\"https:\\\/\\\/trustarc.com\\\/\",\"name\":\"TrustArc\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/trustarc.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Background Brief: Texas Data Privacy and Security Act | TrustArc","description":"The Texas Data Privacy and Security Act is the state\u2019s comprehensive data privacy law giving consumers greater protection and control over how their data is collected or used.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/trustarc.com\/resource\/texas-data-privacy-and-security-act\/","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/trustarc.com\/resource\/texas-data-privacy-and-security-act\/","url":"https:\/\/trustarc.com\/resource\/texas-data-privacy-and-security-act\/","name":"Background Brief: Texas Data Privacy and Security Act | TrustArc","isPartOf":{"@id":"https:\/\/trustarc.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/trustarc.com\/resource\/texas-data-privacy-and-security-act\/#primaryimage"},"image":{"@id":"https:\/\/trustarc.com\/resource\/texas-data-privacy-and-security-act\/#primaryimage"},"thumbnailUrl":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/res-feat-rect-pink.png","datePublished":"2023-06-25T11:05:00+00:00","dateModified":"2025-07-16T18:56:36+00:00","description":"The Texas Data Privacy and Security Act is the state\u2019s comprehensive data privacy law giving consumers greater protection and control over how their data is collected or used.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/trustarc.com\/resource\/texas-data-privacy-and-security-act\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/trustarc.com\/resource\/texas-data-privacy-and-security-act\/#primaryimage","url":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/res-feat-rect-pink.png","contentUrl":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/res-feat-rect-pink.png","width":610,"height":152},{"@type":"WebSite","@id":"https:\/\/trustarc.com\/#website","url":"https:\/\/trustarc.com\/","name":"TrustArc","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/trustarc.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/resource\/4249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/types\/resource"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/media\/1694"}],"wp:attachment":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/media?parent=4249"}],"wp:term":[{"taxonomy":"topic-resource","embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/topic-resource?post=4249"},{"taxonomy":"type-resource","embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/type-resource?post=4249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}