Data Breach Reporting Services Protects

    If your company collects Personally Identifiable Information (PII) and store it within your records, that data may be vulnerable to a data breach. If you possess information that can identify any individual—whether it’s a customer, vendor, or employee, you have a responsibility by law to report any breach to as many as 300 authorities within the U.S. alone.

  CSR's Breach Reporting Service is the only service providing hundreds of thousands of organizations like yours with full reporting services for every possible reporting mandate. As the winner of multiple awards and accolades such as the HP-IAPP Privacy Innovation Award, you can rest assured CSR will handle all aspects of data breach reporting if your business believes its data has been compromised.

     Gruene Shredding is here to help keep all of your data protected at all stages, so we’ve partnered with CSR, the national experts in data breach reporting, to provide your organization with its award-winning CSR Breach Reporting Service(TM). If you experience a breach of data, the privacy professionals at CSR are available 24/7 to handle all the legal requirements of reporting a breach.

After several rounds of revisions Texas finally passes HB 4390.  The legislation revises the notification requirements of the Texas Identity Theft Enforcement and Protection Act § 521.053, Business & Commerce Code and creates the Texas Privacy Protection Advisory Council.

The Texas Privacy Protection Act’s (HB 4360) amendments apply to:

• “A person who conducts business in this state and owns or licenses computerized data that includes sensitive personal information shall disclose any breach of system security, …”, and
• The Texas Privacy Protection Advisory, Council which is composed of fifteen members appointed by the speaker of the House of Representatives, the lieutenant governor and the governor.

Texas businesses must be aware of the updated disclosure time frame and low threshold for reporting to the Attorney General.

Currently, the Texas Identity Theft Enforcement and Protection Act requires that notice be provided “as quickly as possible” to individuals whose sensitive personal information was or is reasonably believed to have been acquired by an unauthorized person.

HB 4390 revises this timing requirement and states that persons conducting business in Texas and owns computerized data are required to provide consumer notification, after discovering or receiving notification of the breach, where the individual’s sensitive personal information is reasonably believed to have been acquired by an unauthorized person without unreasonable delay and no later than the 60th day after the date it is determined a breach has occurred.

Furthermore, notification of the breach must be provided to the attorney general if the breach involves at least 250 Texas residents and no later than the 60th day after the date it is determined a breach has occurred.  The contents of the notification to the attorney general must include:

• a detailed description of the nature and circumstances of the breach or the use of sensitive personal information acquired as a result of the breach;
• the number of residents of this state affected by the breach at the time of notification;
• the measures taken by the person regarding the breach;
• any measures the person intends to take regarding the breach after the notification under this subsection; and
• information regarding whether law enforcement is engaged in investigating the breach.

This potion of the bill goes into effect January 1, 2020.

Under section 2 of HB 4390, the Texas Privacy Protection Advisory Council is created to study and develop recommendations for future Texas data privacy laws, as well as study and evaluate privacy laws of other states and foreign jurisdictions.  The Council’s purpose is to make recommendations to members of the legislature relating to changes in Texas’ laws governing privacy and protection of information including Chapter 521, Business & Commerce Code or to the Penal Code, by September 1, 2020.

The fifteen members of the Council must be selected by September 1, 2019.  The Council will consist of appointed industry representatives who live in Texas, members of the Texas House of Representatives, senators, and a representative of a nonprofit organization that studies or evaluates data privacy laws or a professor who has published writings on data privacy.  The Council will be abolished and this section will expire on December 31, 2020.