Texas Statutes (Last Updated: January 4, 2014) |
BUSINESS AND COMMERCE CODE |
Title 11. PERSONAL IDENTITY INFORMATION |
Subtitle B. IDENTITY THEFT |
Chapter 521. UNAUTHORIZED USE OF IDENTIFYING INFORMATION |
Subchapter B. IDENTITY THEFT |
Sec. 521.052. BUSINESS DUTY TO PROTECT SENSITIVE PERSONAL INFORMATION
-
(a) A business shall implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect from unlawful use or disclosure any sensitive personal information collected or maintained by the business in the regular course of business.
(b) A business shall destroy or arrange for the destruction of customer records containing sensitive personal information within the business's custody or control that are not to be retained by the business by:
(1) shredding;
(2) erasing; or
(3) otherwise modifying the sensitive personal information in the records to make the information unreadable or indecipherable through any means.
(c) This section does not apply to a financial institution as defined by 15 U.S.C. Section 6809.
(d) As used in this section, "business" includes a nonprofit athletic or sports association.