BUSINESS AND COMMERCE CODE
TITLE 11. PERSONAL IDENTITY INFORMATION
SUBTITLE B. IDENTITY THEFT
CHAPTER 521. UNAUTHORIZED USE OF IDENTIFYING INFORMATION
SUBCHAPTER A. GENERAL PROVISIONS
Sec. 521.001. SHORT TITLE. This chapter may be cited as the Identity Theft Enforcement and Protection Act.
Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009.
Sec. 521.002. DEFINITIONS. (a) In this chapter:
(1) “Personal identifying information” means information that alone or in conjunction with other information identifies an individual, including an individual’s:
(A) name, social security number, date of birth, or government-issued identification number;
(B) mother’s maiden name;
(C) unique biometric data, including the individual’s fingerprint, voice print, and retina or iris image;
(D) unique electronic identification number, address, or routing code; and
(E) telecommunication access device as defined by Section 32.51, Penal Code.
(3) “Victim” means a person whose identifying information is used by an unauthorized person.
(2) “Sensitive personal information” means, subject to Subsection (b):
(A) an individual’s first name or first initial and last name in combination with any one or more of the following items, if the name and the items are not encrypted:
(i) social security number;
(ii) driver’s license number or government-issued identification number; or
(iii) account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account; or
(B) information that identifies an individual and relates to:
(i) the physical or mental health or condition of the individual;
(ii) the provision of health care to the individual; or
(iii) payment for the provision of health care to the individual.
(b) For purposes of this chapter, the term “sensitive personal information” does not include publicly available information that is lawfully made available to the public from the federal government or a state or local government.
Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009.
Amended by:
Acts 2009, 81st Leg., R.S., Ch. 419 (H.B. 2004), Sec. 1, eff. September 1, 2009.
SUBCHAPTER B. IDENTITY THEFT
Sec. 521.051. UNAUTHORIZED USE OR POSSESSION OF PERSONAL IDENTIFYING INFORMATION. (a) A person may not obtain, possess, transfer, or use personal identifying information of another person without the other person’s consent and with intent to obtain a good, a service, insurance, an extension of credit, or any other thing of value in the other person’s name.
(b) It is a defense to an action brought under this section that an act by a person:
(1) is covered by the Fair Credit Reporting Act (15 U.S.C. Section 1681 et seq.); and
(2) is in compliance with that Act and regulations adopted under that Act.
(c) This section does not apply to:
(1) a financial institution as defined by 15 U.S.C. Section 6809; or
(2) a covered entity as defined by Section 601.001 or 602.001, Insurance Code.
Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009.
Sec. 521.052. BUSINESS DUTY TO PROTECT SENSITIVE PERSONAL INFORMATION. (a) A business shall implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect from unlawful use or disclosure any sensitive personal information collected or maintained by the business in the regular course of business. (b) A business shall destroy or arrange for the destruction of customer records containing sensitive personal information within the business’s custody or control that are not to be retained by the business by: (1) shredding; (2) erasing; or (3) otherwise modifying the sensitive personal information in the records to make the information unreadable or indecipherable through any means. (c) This section does not apply to a financial institution as defined by 15 U.S.C. Section 6809. (d) As used in this section, “business” includes a nonprofit athletic or sports association.
Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009.
Amended by:
Acts 2009, 81st Leg., R.S., Ch. 419 (H.B. 2004), Sec. 2, eff. September 1, 2009.