
What Texas Businesses Need to Know About the Texas Data Privacy and Security Act (TDPSA)

Effective July 1, 2024, the Texas Data Privacy and Security Act (TDPSA) became the broadest consumer data protection law in Texas history, and it has big implications for businesses across the state.


Whether you're running a medical practice in Fort Worth, a CPA firm in Dallas, or a marketing agency in Plano, this new law likely applies to you.


What Is the TDPSA?

The TDPSA is Texas’s version of a comprehensive data privacy law, similar to California's CCPA or Virginia's VCDPA. It gives Texas residents new rights over how their personal data is collected, shared, and sold—and it puts the responsibility on businesses to handle that data securely and transparently.


Who Does It Apply To?

You must comply if your business:

  • Operates in Texas or targets Texas consumers, and

  • Processes or sells the personal data of at least 50,000 individuals annually, or

  • Derives 25% or more of its revenue from selling personal data.

Note: There is no revenue threshold—even small businesses can be affected if they meet the data volume criteria.

What Rights Do Texas Consumers Have?

Under TDPSA, consumers now have the right to:

  1. Access their personal data

  2. Correct inaccuracies

  3. Delete their data

  4. Opt out of:

    • Targeted advertising

    • Sale of personal data

    • Profiling decisions that have legal effects

Businesses must respond to these requests within 45 days.


What Are Businesses Required to Do?

To comply with the TDPSA, businesses must:

  • Post a clear privacy policy explaining data collection and usage

  • Allow consumers to opt out of data sales and targeted ads

  • Implement data security measures

  • Minimize data collection—only gather what is necessary

  • Conduct Data Protection Assessments for high-risk processing

  • Avoid dark patterns—tricky designs that mislead users into giving consent


What Are the Penalties?

Enforcement is handled by the Texas Attorney General, not private citizens. Violations can lead to:

  • $7,500 per violation

  • Mandatory 30-day cure period (fix the issue before penalties kick in)

Good news: If you're proactive about compliance, you have a chance to correct mistakes before facing fines.

Steps to Get Compliant

If you’re not sure where to start, here’s a simple compliance checklist:

  • Audit the personal data you collect

  • Update your privacy policy for transparency

  • Set up opt-out mechanisms (especially for cookies & email)

  • Train staff on data rights and procedures

  • Review vendor contracts (third-party processors must also comply)


Why It Matters

Texas is the second-largest economy in the U.S., and this law puts the state on the map for serious consumer data rights. Ignoring it won’t just risk penalties—it could damage your reputation and trust with clients.


For IT teams and MSPs, this is a golden opportunity to guide clients through compliance, risk reduction, and security improvement.


Final Thoughts

The TDPSA isn’t just another legal headache; it’s a wake-up call to treat data as a responsibility, not just a resource. Whether you're in healthcare, finance, retail, or tech, now is the time to tighten up your data policies and put your customers first.


Need help getting compliant? An MSP or IT consultant who understands TDPSA can be your most valuable partner.

 
 
 


Contact Us

 Addr. 3861 Long Prairie Rd., Suite 100, Flower Mound, TX 75028

Tel. 972-355-3930

© 2025 PMC Information Technology Solutions
