CRW

Home Wiki

Texas Data Privacy and Security Act

View on consumerrights.wiki ↗

Work in progress
This article has been flagged for additional work. Treat its claims as provisional.
Verification concerns
Editors have raised concerns about the verifiability of one or more claims.
Contents4
  1. Rights Codified
  2. Controller and Processor Obligations
  3. Enforcement
  4. References

⚠️ Article status notice: This article has been marked as incomplete

This article needs additional work for its sourcing and verifiability to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. In particular:

  1. needs to use Template:Cite web

This notice will be removed once the issue/s highlighted above have been addressed and sufficient documentation has been added to establish the systemic nature of these issues. Once you believe the article is ready to have its notice removed, please visit the Moderator's noticeboard, or the discord and post to the #appeals channel.

Learn more ▼

This Article Requires Additional Verification

This article has been flagged due to verification concerns. While the topic might have merit, the claims presented lack citations that live up to our standards, or rely on sources that are questionable or unverifiable by our standards. Articles must meet the Moderator Guidelines and Mission statement; factual accuracy and systemic relevance are required for inclusion here!

Why This Article Is In Question

Articles in this wiki are required to:

  • Provide verifiable & credible evidence to substantiate claims.
  • Avoid relying on anecdotal, unsourced, or suspicious citations that lack legitimacy.
  • Make sure that all claims are backed by reliable documentation or reporting from reputable sources.

Examples of issues that trigger this notice:

  • A topic that heavily relies on forum posts, personal blogs, or other unverifiable sources.
  • Unsupported claims with no evidence or citations to back them up.
  • Citations to disreputable sources, like non-expert blogs or sites known for spreading misinformation.
How You Can Improve This Article

To address verification concerns:

  • Replace or supplement weak citations with credible, verifiable sources.
  • Make sure that claims are backed by reputable reporting or independent documentation.
  • Provide additional evidence to demonstrate systemic relevance and factual accuracy. For example:
    • Avoid: Claims based entirely on personal anecdotes or hearsay without supporting documentation.
    • Include: Corporate policies, internal communications, receipts, repair logs, verifiable video evidence, or credible investigative reports.

If you believe this notice has been placed in error, or once the article has been updated to address these concerns, please visit the Moderator's noticeboard, or the #appeals channel on our Discord server: Join here.


The Texas Data Privacy and Security Act ("TDPSA") is a law in the U.S State of Texas that establishes digital privacy rights for Texas state residents and enforces these rights against any company providing services to residents, rather they reside in Texas or not. The law was signed by Governor Greg Abbott on June 18th, 2023, with the majority of the law going into effect on July 1st, 2024, and the universal opt-out mechanisms going into effect January 1st, 2025.

Rights Codified

The TDPSA codified the following privacy rights for Texas residents[1]:

  • Right to Access: Individuals have the right to confirm whether a controller is processing their personal data and to access such data.
  • Right to Correction: Individuals may request corrections to inaccuracies in their personal data held by a controller.
  • Right to Deletion: Individuals have the right to request the deletion of personal data collected by or provided to a controller.
  • Right to Data Portability: Individuals can obtain a copy of their personal data in a readily usable and transferable format.
  • Right to Opt-Out: Individuals may opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling that produces significant legal effects.

Controller and Processor Obligations

The TDPSA imposes various obligations on data controllers and processors[2] [3], including:

  • Limiting data collection to what is adequate, relevant, and reasonably necessary for processing purposes.
  • Implementing reasonable administrative, technical, and physical data security practices.
  • Providing a clear and accessible privacy notice that outlines data collection and processing practices.
  • Conducting and documenting data protection assessments for high-risk processing activities.
  • Ensuring contracts between controllers and processors include specific provisions governing personal data handling.

Enforcement

The Texas Attorney General holds exclusive enforcement authority under the TDPSA. Entities found to be in violation are subject to civil penalties of up to $7,500 per violation. Prior to enforcement, the Attorney General may grant a 30-day cure period for organizations to remedy identified violations.[4]

References

  1. "Texas Data Privacy And Security Act | Office of the Attorney General". Office of the Attorney General. Archived from the original on 2026-04-18. Retrieved 31 Mar 2026.
  2. "FAQs for Businesses as Texas Data Privacy Law Takes Effect July 1". Fisher Phillips LLP. Archived from the original on 2026-04-25. Retrieved 31 Mar 2026.
  3. "The Texas Data Privacy Law: An Overview". Clifford Chance. 31 Dec 2023. Archived from the original on 2026-04-25. Retrieved 31 Mar 2026.
  4. "Texas Data Privacy and Security Act (TDPSA)". Consumer Privacy Act (CPA). Archived from the original on 2026-04-14. Retrieved 31 Mar 2026.
Filed under