Texas Commercial Code Chapter 521 Data Destruction

BUSINESS AND COMMERCE CODE TITLE 11. PERSONAL IDENTITY INFORMATION SUBTITLE B. IDENTITY THEFT CHAPTER 521. UNAUTHORIZED USE OF IDENTIFYING INFORMATION SUBCHAPTER A. GENERAL PROVISIONS Sec. 521.001. SHORT TITLE. This chapter may be cited as the Identity Theft Enforcement and Protection Act. Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. Sec. 521.002. DEFINITIONS. (a) In this chapter: (1) “Personal identifying information” means information that alone or in conjunction with other information identifies an individual, including an individual’s: (A) name, social security number, date of birth, or government-issued identification number; (B) mother’s maiden name; (C) unique biometric data, including the individual’s fingerprint, voice print, and retina or iris image; (D) unique electronic identification number, address, or routing code; and (E) telecommunication access device as defined by Section 32.51, Penal Code. (3) “Victim” means a person whose identifying information is used by an unauthorized person. (2) “Sensitive personal information” means, subject to Subsection (b): (A) an individual’s first name or first initial and last name in combination with any one or more of the following items, if the name and the items are not encrypted: (i) social security number; (ii) driver’s license number or government-issued identification number; or (iii) account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account; or (B) information that identifies an individual and relates to: (i) the physical or mental health or condition of the individual; (ii) the provision of health care to the individual; or (iii) payment for the provision of health care to the individual. (b) For purposes of this chapter, the term “sensitive personal information” does not include publicly available information that is lawfully made available to the public from the federal government or a state or local government. Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. Amended by: Acts 2009, 81st Leg., R.S., Ch. 419 (H.B. 2004), Sec. 1, eff. September 1, 2009. SUBCHAPTER B. IDENTITY THEFT Sec. 521.051. UNAUTHORIZED USE OR POSSESSION OF PERSONAL IDENTIFYING INFORMATION. (a) A person may not obtain, possess, transfer, or use personal identifying information of another person without the other person’s consent and with intent to obtain a good, a service, insurance, an extension of credit, or any other thing of value in the other person’s name. (b) It is a defense to an action brought under this section that an act by a person: (1) is covered by the Fair Credit Reporting Act (15 U.S.C. Section 1681 et seq.); and (2) is in compliance with that Act and regulations adopted under that Act. (c) This section does not apply to: (1) a financial institution as defined by 15 U.S.C. Section 6809; or (2) a covered entity as defined by Section 601.001 or 602.001, Insurance Code. Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. Amended by: Acts 2009, 81st Leg., R.S., Ch. 419 (H.B. 2004), Sec. 2, eff. September 1, 2009.