Texas Data Privacy and Security Act

What is TDPSA?


The Texas Data Privacy and Security Act (TDPSA) aims to protect Texas consumers’ personal information by granting them rights and imposing certain duties on businesses.

However, not all businesses have to comply with this law. It applies only to businesses that conduct business in Texas and either:

  • Control or process the personal data of at least 50,000 consumers during a calendar year or

  • Derive over 50% of gross revenue from the sale of personal data and control or process the personal data of at least 25,000 consumers during a calendar year.

TDPSA grants consumers various rights regarding their personal data, including:

  • Right to access and correct personal data.
  • Right to deletion of personal data under certain circumstances.
  • Right to opt out of the sale of personal data.
  • Right to opt out of targeted advertising.
  • Right to receive a portable copy of their personal data.

Imposes obligations on businesses, including:

  • Implementing and maintaining reasonable security measures to protect personal data.
  • Implementing data minimization and purpose limitation.
  • Obtaining opt-in consent for processing sensitive data.
  • Responding to consumer requests within a reasonable timeframe.
  • Disclosing data collection and processing practices in a clear and accessible privacy notice.
  • Allowing consumers to opt out easily.

MergeBase and TDPSA


Even though the Texas privacy law won’t apply to MergeBase due to the significant applicability thresholds, our existing data protection and security protocols surpass the requirements of the Texas statute.

In the event we ever meet the thresholds, we will comply effortlessly with our current practices.


How Can MergeBase Help You Comply with the TDPSA?


Once you determine the most appropriate data security measures for your organizations, MergeBase can help you continuously monitor your systems, helping you stay ahead of potential threats and address them promptly, demonstrating efforts towards robust data security measures.

On top of that, MergeBase proactively identifies and prioritizes vulnerabilities within open-source components used in applications processing personal data. These vulnerabilities can be exploited for unauthorized access, disclosure, or alteration, violating TDPSA’s security requirements.

Finally, our reports can be integrated with patch management tools for faster vulnerability patching, reducing the window of vulnerability for personal data.

Although this will not solve all the compliance issues, it will ensure the strength of your data security systems.