Learn About The Law
Get help with your legal needs
FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.
Current as of January 01, 2024 | Updated by Findlaw Staff
(a) For purposes of Section 542.003, a cybersecurity program must:
(1) contain administrative, technical, and physical safeguards for the protection of personal identifying information and sensitive personal information;
(2) conform to an industry-recognized cybersecurity framework as described by Subsection (b);
(3) be designed to:
(A) protect the security of personal identifying information and sensitive personal information;
(B) protect against any threat or hazard to the integrity of personal identifying information and sensitive personal information; and
(C) protect against unauthorized access to or acquisition of personal identifying information and sensitive personal information that would result in a material risk of identity theft or other fraud to the individual to whom the information relates; and
(4) with regard to the scale and scope, meet the following requirements:
(A) for a business entity with fewer than 20 employees, simplified requirements, including password policies and appropriate employee cybersecurity training;
(B) for a business entity with at least 20 employees but fewer than 100 employees, moderate requirements, including the requirements of the Center for Internet Security Controls Implementation Group 1; and
(C) for a business entity with at least 100 employees but fewer than 250 employees, compliance with the requirements of Subsection (b).
(b) A cybersecurity program under this section conforms to an industry-recognized cybersecurity framework for purposes of this section if the program conforms to:
(1) a current version of or any combination of current versions of the following:
(A) the Framework for Improving Critical Infrastructure Cybersecurity published by the National Institute of Standards and Technology (NIST);
(B) the NIST's special publication 800-171;
(C) the NIST's special publications 800-53 and 800-53a;
(D) the Federal Risk and Authorization Management Program's FedRAMP Security Assessment Framework;
(E) the Center for Internet Security Critical Security Controls for Effective Cyber Defense;
(F) the ISO/IEC 27000-series information security standards published by the International Organization for Standardization and the International Electrotechnical Commission;
(G) the Health Information Trust Alliance's Common Security Framework;
(H) the Secure Controls Framework;
(I) the Service Organization Control Type 2 Framework; or
(J) other similar frameworks or standards of the cybersecurity industry;
(2) if the business entity is subject to its requirements, the current version of the following:
(A) the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. Section 1320d et seq.);
(B) Title V, Gramm-Leach-Bliley Act (15 U.S.C. Section 6801 et seq.);
(C) the Federal Information Security Modernization Act of 2014 (Pub. L. No. 113-283); or
(D) the Health Information Technology for Economic and Clinical Health Act (Division A, Title XIII, and Division B, Title IV, Pub. L. No. 111-5); and
(3) if applicable to the business entity, a current version of the Payment Card Industry Data Security Standard.
(c) If any standard described by Subsection (b)(1) is published and updated, a business entity's cybersecurity program continues to meet the requirements of a program under this section if the entity updates the program to meet the updated standard not later than the later of:
(1) the implementation date published in the updated standard; or
(2) the first anniversary of the date on which the updated standard is published.
Cite this article: FindLaw.com - Texas Business and Commerce Code - BUS & COM § 542.004. Cybersecurity Program - last updated January 01, 2024 | https://codes.findlaw.com/tx/business-and-commerce-code/bus-com-sect-542-004/
FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.