What are the notification requirements when an individual's sensitive personal information is exposed?
Local Government Code §205.010 provides that any local government that owns, licenses or maintains computerized data that includes sensitive personal information shall comply with §521.053, Business and Commerce Code. Under this section, disclosure must be made to any individual whose sensitive personal information was acquired by an unauthorized person. Disclosure should be made as soon as possible, but not later than the 60th day after the date on which the breach was determined to have occurred. Notification may be provided by (1) written notice at the last known address of the individual; or (2) by electronic notice, if the notice is provided in accordance with 15 U.S.C. Section 7001.