Skip to content

Overview of Texas data privacy laws

Texas is one of the richest states in the USA and has been receiving a large amount of tech companies in recent years: Oracle, Cloudflare, and Tesla changed cities like Palo Alto and San Francisco for Austin and Houston. So now you may be wondering: why did they change? And what is the relationship between cybersecurity and the Texan economy? Read more ahead in this article:

  • Why Is Texas Turning Into the New Silicon Valley?

The name “Silicon Hills” initially referred to the mountainous terrain on the West side of Austin, but now it makes a clear parallel to Silicon Valley. Austin has always housed many companies focused on technology, but in recent years, the growth has been exponential, and giants such as Google and Amazon have migrated to the region, building large facilities.

One of the main reasons is “economic freedom”, a term defended by the current state governor, Greg Abbott. Local politicians aim to attract more and more new investors to the state. In addition to not having a state income tax, Texas prioritizes job creation, providing social and income equality. Therefore, it imposes fewer regulations on local companies, which ends up facilitating and cheapening operations in the region.

Besides all these advantages, the state promises to be fun and politically progressive, with a large academic center, and prestigious universities spread throughout its territory. Therefore, companies moving to the region can rely on a highly skilled and diverse workforce.

  • What are the segments that play a critical role in Texas economy (besides technology) and how they relate to cybersecurity?

Texas’ economy plays a major role in the U.S. economy. The state used to have an economy focused on agriculture, more precisely on cotton crops and livestock, but its economy has diversified. Today, oil and aerospace industries also play a major role.

Besides the technology industry field, Texas is also home to one of the largest natural energy reserves in the United States and to organizations such as NASA and SpaceX, which drive the aerospace market. One of the consequences of this phenomenon is that the region has become one of the richest in the country, offering life quality at a low cost, which ends up attracting the attention not only from people and companies but also from hacckers that aims to attack their critical infrastructures.

Critical infrastructure is related to the assets, systems, facilities, networks, and all other elements that maintain the national security, economic vitality, and public health of a region. There are numerous sectors considered critical that have some type of dependence on technology for their operation, management, or automation. 

It is also quite important to keep critical infrastructures secure. The sectors focused on the economy of a region are also classified as critical infrastructures. Which is why there is a need to invest in cybersecurity, as well as to develop laws and regulations that help protect data and services.

  • Are there any data protection acts in Texas?

Unlike other countries, the United States does not have a General Data Protection Law in a the federal level. But there are recent regulations, more localized ones, which deal with specific areas, regulating the use of certain types of data or some industries, such as health, finance, and telecommunications.

The laws at the state level are intended to cover points that federal laws do not. In this way, each state has the freedom to enact its own rules regarding data and information protection.

With this information, here we will present a brief overview of data and information protection laws in the state of Texas.

1 – Texas Privacy Act (2019):

The Texas Privacy Act made some changes to previous data breach notification laws, which include the following:

  • Companies must provide notice of data breaches that affected individuals within 60 days from the event.
  • Companies experiencing a data breach that affects 250 or more people must notify the Texas Attorney General’s office.
  • The Privacy Protection Advisory Council was created to advise on possible changes to existing privacy laws.

2 – Texas Cybercrime Act:

The cybercrime law has created new criminal offenses for denial-of-service (DoS) attacks, ransomware facilities, and intentional data alteration.

3 – Student Privacy Act:

This act forbids the sale of student personal data, creating ads for students based on data shared by educational institutions or suppliers, and broadly forbids the disclosure of student data.

4 – Medical Privacy Act:

This act provides privacy protection complementary to the requirements of the Health Insurance Portability and Accountability Act (HIPAA). It requires employee training, providing electronic health records at the patient’s request, notification of a breach, and patient authorization for disclosure of health-related information.

5 – Biometric Privacy Law:

The Biometric Privacy Law forbids the capture, sale, or scanning of iris, fingerprint, or facial geometry without the consent of the person. 

6 – Identity Theft Law:

It forbids to identity theft, that is, the use of a person’s identifying information to obtain goods, services, and personal credit. The Identity Theft Law also requires companies to adopt procedures to protect customer data from illegal uses.

The laws presented are always undergoing modifications to maintain the privacy and security of information and personal data, as well as services and companies present within the territory.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Senhasegura
Senhasegura strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

What is cyber insurance and what does the MFA insurance mandate mean?

In this blog we’ll give an overview about what a cyber insurance is and what you need to get it. Furthermore, we’ll talk about why multi factor authentication (MFA) has become a mandatory requirement to get one of those cyber insurance coverages.

What is cyber insurance?

What does cyber insurance mean?

A cybersecurity insurance or cyber liability insurance is a coverage against financial losses caused by cyber incidents (for example data breaches) and offers technical and recovery support.

To define the cost of your insurance, cyber liability insurers will look at multiple risk-factors, like for example, what industry you’re in, which way the organization covers data and of course, which security measures the organization already has in place.

There are various requirements that insurance companies define for organizations to be eligible for the insurance coverage. One of the most fundamental ones that most insurers ask for nowadays is Multi factor authentication (MFA).

Questions about training for employees will for sure be on the questionnaires you’ll need to fill in for an insurance quote.

All depends of course on the type of insurance you take.

It is important to understand that a cyber insurance coverage will not help you to identify cyber risks themselves, nor will they eliminate these. However, when your organization would be hurt by a cyber attack or data breach, having a cyber liability insurance will help you to, for example, recover compromised data, restore personal identities, or repair your damaged computer systems.

Some examples of events that could be covered by your insurance:

  • Data loss or breach (after hacking, employee theft, loss of memory stick, …)
  • Computer fraud
  • Business interruption due to a breach

Keep in mind that an insurance like this will protect you financially regarding your digital assets, but it won’t be able to cover every possible risk.

What does cyber insurance not cover?

Cyber liability insurance doesn’t cover claims of property damage or bodily injury. For this, you will need a general liability insurance, as a cyber one does not protect you against these claims.

Furthermore, your insurance (probably) also won’t cover:

  • Potential lost profits in the future.
  • Cost of restoring and improving your computer systems to a higher level of functionality than they were following a cyber event.
  • Loss of value caused by the theft of intellectual property from your company.
  • A lawsuit for any potential vulnerability in the systems of your organizations before a breach.

How much does cybersecurity insurance cost?

It’s not possible to give an exact answer on this question as it really depends of the protocols and systems you already have in place for cybersecurity. Cyber insurers will look at your current state to provide you with an exact cost of the cyber insurance policy. However, we see that the prices have been increasing on the cyber insurance market. So be sure to investigate what you can do to lower your premium.

How can you get a cybersecurity insurance?

What do you need to get such a cyber liability insurance? What is expected by cyber insurance providers to have in place already when looking for an insurance? To purchase one, you’ll have to provide information about your security controls to insurance underwriters.

What do you need to get a cyber insurance?

Insurance providers (like for example Hiscox, Chubb, AIG, The Hartford, …) will carry out a cyber insurance risk assessment to define your premium and coverage limits. You will have to fill out a questionnaire about your cybersecurity protocols, IT risk management, protocols, … The better you score on this one, the less expensive your coverage will be.

One of the minimum common requirements to get one nowadays is having Multi Factor Authentication (MFA) enabled for administrators and privileged users. This cyber insurance MFA mandate exists, because the additional layer is seen as a fundamental access security measure to protect not only on-site but also remote access. If you only use a password, cyber insurers will believe compromised accounts are inevitable for your organization’s future.

Of course, securing a password with MFA (for privileged and not privileged access) is no silver bullet that can protect against every attack, but it’s certainly a vital layer organizations will need. This MFA insurance requirement is thus something you’ll have to keep in mind when considering an insurance.

Furthermore, there are some more steps that (often) are standard requirements to get a cyber insurance:

  • All PCs must have antivirus software (up to date)
  • Company network must be protected by a firewall
  • Companies should back up business data, by using external media or a secure cloud service (this should be done regularly)
  • Users that want to have or gain access must follow a secure process
To get a cyber insurance coverage, you’ll need to fulfill some requirements.

What can you do extra to lower your cyber insurance?

There are multiple steps you can take to lower your premium. We’ve listed 5 of the most common industry practices that you should definitely take a look at:

  • Organize regular cyber training for employees
  • Make sure stored data is limited and restrict network access
  • Have 24/7 monitoring of suspicious activity
  • Provide solid recover procedures

What is Multi factor authentication (mfa) and why do you need it?

What does Multi factor authentication mean?

Authentication means the process of verifying the identity of a user. With Multifactor authentication this process exists of at least 2 different authentication factors. We speak specifically of two factor authentication when there are only 2 factors, and even that is already better than just one factor.

Knowledge factor

One factor to authenticate can be something you know like a password or a pin. Sometimes the knowledge factor can also be a security question that you’ll need the answer to gain access.

Possession factor

You can authenticate with something you have, like for example your phone. By using authenticator applications on your device, you can then receive a one-time code, that only works during a restricted time. Or you can receive a SMS code with a security key that you then fill in.

Inherence factor

This refers to something you ‘are’, more specifically biometric data. Sometimes fingerprints or face IDs are used to recognize the user’s identity.

Why do you need to implement MFA?

Multi factor authentication is seen as the extra layer to authentication that organizations need to avoid that compromised passwords can lead to a compromised network. If you adopt MFA as an extra security measure, you can protect your sensitive data, even if there are compromised credentials.

Often criminals of cyber threats try to gain broader access via individual users, and they have various strategies (phising, password spraying, credential stuffing, …) to get these passwords. If you use credentials with this extra security step like MFA, you’re making it more difficult for them.

To minimize the impact of cyber attacks on your IT infrastructure, insurers will inform you on this mfa insurance requirement for security when you’re reaching out to them.

How can you mitigate your organization’s remote access cybersecurity risks?

Awingu aggregates different applications, desktops and file servers and makes them available (with the possibility of single sign on) for your remote workforce in the browser via its ‘RDP-to-HTML5’ gateway. As Awingu runs completely in the browser, it’s possible to work on a Chromebook, iPad, mobile device, laptop, … any device really!

A variety of security features come bundled with our all-in-one solution:

  • Browser-based solution: All runs and stays in the browser. No direct connection with the end-user device, so no need to install extra antivirus software on the PC.
  • Secure authentication process: MFA is built-in, or you can integrate another commercial platform that you already have in place.
  • Context-awareness: It’s possible to define geo locations and/or IP addresses as safe zones per user (group) or feature.
  • No local data: There is no data stored locally on the device, ever.
  • Auditing: Access to various auditing capabilities like session recording, usage control, anomaly detection, …


About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Awingu
Awingu produces a browser-based Unified Workspace solution. It allows users to work and collaborate from virtually anywhere using any device compatible with HTML5 browsers. As a turnkey solution, Awingu offers businesses the ease and convenience of platform-independent mobility and offers everything you need to stay productive: legacy and cloud applications, documents and data. Awingu requires zero configuration and zero client software installation, making IT administration extremely simple.



Click one of our contacts below to chat on WhatsApp