Beginning January 1, 2020, Texas law requires certain businesses that experience a data breach of system security which affects 250 or more Texans to provide notice of that data breach to the Office of the Texas Attorney General.

Data Breach Submission

How do I provide this required Data Breach Notice to the Texas Attorney General’s Office?

To comply, you may fill out the Data Breach Notice form provided and submit it electronically. Here’s what you need to know:

  • The system can NOT save your form, so you will need to complete it in one sitting.
  • To prepare, you can preview the form.
  • Do NOT hit the “back” button on your browser, or your submission will be cleared.
  • Your data breach notice is potentially an open record. This means that members of the general public may file an open-records request to obtain a copy of your completed form.
  • If you experienced more than one breach, please submit a separate data breach notice for each.

Data Breach Submission

What happens after I submit my completed Data Breach Notice form?

You will automatically receive a confirmation email to let you know that your notice was successfully submitted. You will also receive a record number. Please retain that email-and your assigned record number for your files.

The Consumer Protection Division of the Attorney General’s office will contact you with follow up questions, if any. 

What if I have Questions about the Texas Identity Theft Enforcement and Protection Act and its requirements?

For your convenience, review the Texas Identity Theft Enforcement and Protection Act, or Texas House Bill 4390.

If you have questions about how the law applies to you or need interpretations of the law, please consult with your attorney. The Office of the Attorney General may not serve as your lawyer or provide legal advice or interpretations of the law.