Texas Data Privacy and Security Act
A view of the skyline in Austin, TX

The Texas Data Privacy and Security Act will come into effect on July 1, 2024.

The TDPSA is the tenth comprehensive state consumer privacy law to be approved in the United States.

The Virginia Consumer Data Protection Act is thought to be the framework used for the basis of the TDPSA.

Value Privacy’s experts are able to help your organization prepare and become fully compliant with any privacy laws that impact your business.

Get in touch to find out how we can help you.

Who does it impact?

The Texas Data Security and Privacy Act have taken a different approach compared to the existing privacy laws we’ve seen in the US.

Entities that meet the following standards are required to comply:

  • Conducts business in Texas or generates products or services consumed by Texas residents
  • Processes or engages in the sale of personal data
  • Do not identify as a small business as defined by the U.S. Small Business Administration.


  • Non-profits
  • Institutions of higher educations
  • Electric utilities, power generation companies and retail electric providers
  • Financial entities covered by the Gramm-Leach-Bliley Act (GLBA)
  • “Covered entities” and “business associates” as covered by HIPAA
  • Other data exemptions.

Consumer Rights

The right to confirm whether a controller is processing their personal data and access that data. Unless such actions would reveal a trade secret.

Inaccuracies in their personal data (with some limitation).

Personal data provided by or about the consumer.

The right to obtain a portable copy of their personal data to the extent that is technically feasible and provided the controller will not be required to reveal any trade secret.

Of the processing of personal data for the purposes of: targeted advertising; sale of personal data; or, profiling in connection with automated decisions that produce legal or similarly significant effects concerning the customer.


The Texas Attorney General is responsible for enforcing the Act. Violations of the TDSPA could result in civil penalties up to $7,500 per violation.

cure period

Businesses will be allowed a 30-notice cure period before the Attorney General will be able to bring enforcement action.

Value Privacy are on hand to make sure your business is compliant with data and privacy regulations. Whether you need a privacy health check or you want help to make sure you and your business are ready for the arrival of the Colorado Privacy Act, we’re here to help. You can find out more about what we do or contact us and have a chat about your needs.