Will YOU be ready for how House Bill 4390 might affect you as a business owner starting on January 1st?
One of the many concerns for most business owners is to be compliant with laws and regulations, to avoid getting ambushed and having their business and reputation adversely affected. We want to help keep you in the loop about a new Texas law, HB 4390, that takes effect on January 1st and which most business owners haven’t even heard of yet. Below is an Executive Summary of what you need to know to understand what HB4390 is, how to be compliant, and in general, how to avoid trouble.
HB4390 is a new Texas Law effective on January 1st, 2020, that establishes a mandatory notification to all affected parties when a Data Breach happens. The law specifies the timing to provide notice to all individuals of a breach and adds a requirement also to notify the Texas Attorney General of any breach that involves more than 250 Texas residents. Under both new requirements, the notifications are to be made not later than the 60th day after the date on which a person determined that a breach occurred.
This law will apply to any person or entity that conducts business in Texas and owns or licenses computerized data that includes sensitive “Personal Information.” The law also applies to any entity or person outside of Texas that manages, maintains, and uses information that is owned or stored in Texas. Any person who violates the Act may be liable for civil penalties recoverable by the Attorney General.
Let’s start with the definition of a “Data Breach.” Based on the HB4390 wording, a Data Breach is defined as an unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of sensitive “Personal Information (PI)” maintained by an Entity.
“Personal Information” is defined as an individual’s first name or first initial and last name in combination with any one or more of the following items:
- Social Security Number
- Driver license number or government-issued ID number
- Bank account number
- Credit / Debit card number
- Security Codes of those Credit / Debit Cards
“Personal Information” also includes information that identifies an individual and relates to:
- The physical or mental health or condition of the individual
- The provision of health care to the individual
- Payment for the provision of health care to the individual.
Most businesses have some form of protection and security for their databases that contain client information. HB 4390 raises the stakes on the penalties for not having very secure data breach protection in place. As you know, for the government, there are no excuses like: “I didn’t know about the new law.” The Government doesn’t care if you don’t know or weren’t informed.
The point is, don’t gamble with the potential of getting hit with this new law on January 1st. The financial penalties are bad enough, but the embarrassment and the loss of reputation of having to make a public notification that your business wasn’t properly protected against a data breach would be very painful and damaging.
Now is the time either to review your data breach protection status or to start planning and acting on what to do to prevent a data breach. Having procedures in place that establish how you and all of your team will handle PI, manage databases, maintain client and business information, and properly dispose of sensitive data is one of the first steps. Remember also to train your staff. As in all things, businesses need to be proactive rather than reactive. If you need or want help with data protection, call Atiwa Computing today at 713-467-9390 or visit our website at www.atiwa.com.