Shawn Shinneman reports:
The Office of the Attorney General hasn’t disciplined a single Texas company for failing to notify customers of a data breach – and records show it is only directly notified of a small portion of the incidents, the Dallas Business Journal has learned.
The issue could stem from the way Texas’ cybersecurity law is constructed. Although it calls for the OAG to penalize companies who don’t notify their customers about data breaches, Texas’ standard doesn’t require businesses to actually report breaches to any governmental agency.
The state is effectively looking for speeders without a radar gun.
Read more on the Dallas Business Journal.