Steve Satterfield writes:
This week, the much talked-about amendments to Texas’s breach notice statute took effect. Wepreviously blogged about these amendments, which are unprecedented in scope. With the amendments, the Texas statute now requires entities doing business in Texas to notify “any individual” whose “sensitive personal information” is acquired in a breach (unless the information is encrypted). The statute makes clear that the “individuals” who must be notified include not only Texas residents but also “residents . . . [of] another state that does not require [the breached entity] to notify the individual of a breach.” This provision appears intended to require notice to be provided to affected residents of the four states without breach notice laws: Alabama, Kentucky, New Mexico and South Dakota.
Read more on InsidePrivacy.