Skip to Content (custom)
Texas Association of Counties
Toggle Navigation (custom)

    Legal Services

    LegalEase Newsletter | FAQs by Subject

    News Article | July 20, 2022

    Health & Safety

    Legal Guidance

    "A member of my staff accidentally sent an email that contained someones's sensitive personal information to the wrong person. What are the notification requirments if this incident affected only one person"

    What are the notification requirements when an individual's sensitive personal information is exposed? 

    Local Government Code §205.010 provides that any local government that owns, licenses or maintains computerized data that includes sensitive personal information shall comply with §521.053, Business and Commerce Code. Under this section, disclosure must be made to any individual whose sensitive personal information was acquired by an unauthorized person. Disclosure should be made as soon as possible, but not later than the 60th day after the date on which the breach was determined to have occurred. Notification may be provided by (1) written notice at the last known address of the individual; or (2) by electronic notice, if the notice is provided in accordance with 15 U.S.C. Section 7001.