While California has moved to establish a new agency dedicated to enforcing its comprehensive data privacy laws, other states, including Texas, have left this task up to their attorneys general, whose offices are broadly tasked with policing an array of consumer protection laws.
The Texas statute requires the attorney general to notify companies of alleged violations and give them 30 days to remedy these issues. If the company fails to do so, Paxton’s office can initiate an enforcement action to collect civil penalties of up to $7,500 per violation and injunctive relief, as well as attorney fees and other expenses incurred in investigating and bringing the matter.
Aside from enforcing the consumer data privacy law, the new team will also spearhead efforts to enforce the state’s Biometric Identifier Act, one of only three state biometric data privacy laws in the nation. The other two are on the books in Illinois and Washington.
The Biometric Identifier Act, enacted in 2009, prevents a person from capturing biometric data, such as fingerprints and face scans, from an individual without that individual’s informed consent. It further prohibits the distribution or disclosure of that data to third parties and requires any data to be destroyed within a year of its collection.
