Keeping you up to date on trends, emerging exposures and other critical issues.

Texas Law Mandates Notifications

The Dallas skyline and the reflecting pool at City Hall at night, in Dallas, Texas.

In Texas, companies are now more responsible for handling and reporting cyber breaches that have occurred to instate as of January 1st.

In recent months and years, many high-profile breaches such as Equifax and British Airways were reported weeks and sometimes months before it was revealed to the public. The state of Texas has become the latest in mandating a specific reporting time for Cyber breaches. Any company operating in its borders MUST report said breach to the Attorney General’s office and by extension publicly within 60 says. The affected company must also report if there is more than 250 people affected by the breach. According to Kris Humphreys, Cyber Security Expert with Anfield Group, "It's the transparency that needs to be there between the consumer and the tech provider themselves."[1]

As it stands, some states don’t have laws to mandate revealing whether a company has been breached. As we enter 2020 and breaches continue to be reported, clarity is needed between companies and the public when handling their customer’s data.