Last week, the Texas AG’s office began an enforcement sweep of apparent violations of Texas’ Data Broker Law (the “Law”). Specifically, over 100 companies received letters for alleged failure to register as data brokers with the Texas Secretary of State by the March 1, 2024 deadline.

The Law defines a Data Broker as “a business entity whose principal source of revenue is derived from the collecting, processing, or transferring of personal data that the entity did not collect directly from the individual linked or linkable to the data.” The penalty for a Data Broker who violates the registration requirement is up to $10,000.00 within a 12-month period. The Law also imposes additional requirements such as the need to develop, implement, and maintain a comprehensive information security program.

This sweep comes on the heels of Texas Attorney General Ken Paxton’s recent investigation into several auto manufacturers for alleged violations of The Texas Deceptive Trade Practices – Consumer Protection Act stemming from reports that data was collected and sold without appropriate notice to consumers.

These enforcement activities appear to only be the beginning as Attorney General Paxton’s newly established data privacy and security initiative will “aggressively enforce” laws such as Texas’ Data Privacy and Security Act, the Identify Theft Enforcement and Protection Act, the Data Broker Law, the Biometric Identifier Act, the Deceptive Trade Practices Act as well as federal laws including the Children’s Online Privacy Protection Act (COPPA) and the Health Insurance Portability and Accountability Act (HIPAA).

“We are strengthening our enforcement of privacy laws to protect our citizens,” said Attorney General Paxton.

July 1, 2024 is the next big enforcement date for Texas as the Data Privacy and Security Act will go into effect and impose new requirements on companies who collect and/or process the personal data of Texas’ residents (see our prior posts discussing the TDPSA here and here).

The Privacy World team will continue monitoring the latest privacy enforcement activity to keep you in the loop.


Disclaimer: While every effort has been made to ensure that the information contained in this article is accurate, neither its authors nor Squire Patton Boggs accepts responsibility for any errors or omissions. The content of this article is for general information only and is not intended to constitute or be relied upon as legal advice.