Texas Data Privacy and Security Act

Texas Data Privacy and Security Act, in force 1 Jul 2024 — follows the Virginia template + UOOM honour from 1 Jan 2025. Sole TX AG enforcement, 30-day cure (not sunsetting), civil penalties up to $7,500/violation. Most aggressive comprehensive-state-law enforcer in 2024-2026: dedicated Privacy Enforcement Team (Jun 2024); Allstate/Arity lawsuit (13 Jan 2025 — first comprehensive-state-law action, $7,500/TDPSA + $10,000/Texas Insurance Code + $100/day Data Broker Law across 45M+ allegedly affected drivers); 100+ companies under investigation by mid-2025; Pieces Technologies (gen AI in hospitals); GM (1.5M+ Texans, connected vehicles); DeepSeek noncompliance notice (May 2025); Google $1.375B settlement (May 2025, multi-statute); Meta $1.4B (CUBI biometric, Jul 2024). National-security enforcement is a Texas-specific vector.

Composition

15 controls currently indexed; participates in 11 cross-framework synthesis clusters.

Participates in synthesis

Each cluster listed below combines this framework's controls with operationally equivalent controls from other frameworks, resolving the overlap into a single audit-defensible specification.

• Automated Decision-Making Technology — pre-use notice, opt-out, access rights
• Children's privacy across US states — heightened protections
• Consent management — capture, modify, withdraw across jurisdictions
• Cross-jurisdiction consumer / Data Principal rights — operational fabric
• Data broker registration and obligations (US states)
• GDPR data subject rights — Articles 12-22 operational implementation
• Multi-factor authentication — universal MFA across access types
• PII principal rights — comprehensive ISO 27701-anchored programme
• Processor / service provider contract requirements across jurisdictions
• Sensitive personal information — heightened protection across jurisdictions
• Universal Opt-Out Mechanism (UOOM) / Global Privacy Control honour across US states