Texas Laws - Business and Commerce Code
BUSINESS AND COMMERCE CODE
TITLE 10. USE OF TELECOMMUNICATIONS

This chapter may be cited as the Anti-Phishing Act. (11626)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11627)

Sec. 325.002. DEFINITIONS. (11628)(1-click HTML)

In this chapter: (11629)

(1) "Electronic mail" means a message, file, or other information that is transmitted through a local, regional, or global computer network, regardless of whether the message, file, or information is viewed, stored for retrieval at a later time, printed, or filtered by a computer program that is designed or intended to filter or screen the message, file, or information. (11630)

(2) "Electronic mail address" means a destination, commonly expressed as a string of characters, to which electronic mail may be sent or delivered. (11631)

(3) "Identifying information" has the meaning assigned by Section 32.51, Penal Code. (11632)

(4) "Internet domain name" refers to a globally unique, hierarchical reference to an Internet host or service that is: (11633)

(A) assigned through a centralized Internet naming authority; and (11634)

(B) composed of a series of character strings separated by periods with the right-most string specifying the top of the hierarchy. (11635)

(5) "Web page" means: (11636)

(A) a location that has a single uniform resource locator with respect to the world wide web; or (11637)

(B) another location that can be accessed on the Internet. (11638)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11639)

Sec. 325.003. INAPPLICABILITY OF CHAPTER. (11640)(1-click HTML)

This chapter does not apply to a telecommunications provider's or Internet service provider's good faith transmission or routing of, or intermediate temporary storing or caching of, identifying information. (11641)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11642)

Sec. 325.004. CREATION AND USE OF WEB PAGE OR DOMAIN NAME FOR FRAUDULENT PURPOSE PROHIBITED. (11643)(1-click HTML)

A person may not, with the intent to engage in conduct involving the fraudulent use or possession of identifying information of another person: (11644)

(1) create a web page or Internet domain name that is represented as a legitimate online business without the authorization of the registered owner of that business; and (11645)

(2) use that web page or a link to that web page, that domain name, or another site on the Internet to induce, request, or solicit another person to provide identifying information for a purpose that the other person believes is legitimate. (11646)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11647)

Sec. 325.005. TRANSMISSION OF FRAUDULENT ELECTRONIC MAIL PROHIBITED. (11648)(1-click HTML)

A person may not, with the intent to engage in conduct involving the fraudulent use or possession of identifying information, send or cause to be sent to an electronic mail address held by a resident of this state an electronic mail message that: (11649)

(1) is falsely represented as being sent by a legitimate online business; (11650)

(2) refers or links the recipient to a web page that is represented as being associated with the legitimate online business; and (11651)

(3) directly or indirectly induces, requests, or solicits the recipient to provide identifying information for a purpose that the recipient believes is legitimate. (11652)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11653)

Sec. 325.006. CIVIL ACTION FOR INJUNCTIVE RELIEF OR DAMAGES. (11654)(1-click HTML)

(a) Any of the following persons may bring a civil action against a person who violates this chapter: (11655)

(1) a person who is engaged in the business of providing Internet access service to the public and is adversely affected by the violation; (11656)

(2) an owner of a web page or trademark who is adversely affected by the violation; or (11657)

(3) the attorney general. (11658)

(b) A person who brings an action under this section may obtain: (11659)

(1) injunctive relief that restrains the violator from continuing the violation; (11660)

(2) subject to Subsection (c), damages in an amount equal to the greater of: (11661)

(A) actual damages arising from the violation; or (11662)

(B) $100,000 for each violation of the same nature; or (11663)

(3) both injunctive relief and damages. (11664)

(c) The court may increase the amount of an award of actual damages in an action brought under this section to an amount not to exceed three times the actual damages sustained if the court finds that the violation has reoccurred with sufficient frequency to constitute a pattern or practice. (11665)

(d) A plaintiff who prevails in an action brought under this section is entitled to recover reasonable attorney's fees and court costs. (11666)

(e) For purposes of this section, violations are of the same nature if the violations consist of the same course of conduct or action, regardless of the number of times the conduct or act occurred. (11667)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11668)

CHAPTER 326. AUTOMATED SALES SUPPRESSION DEVICES; PHANTOM-WARE (11669)(1-click HTML)
Sec. 326.001. DEFINITIONS. (11670)(1-click HTML)

In this chapter: (11671)

(1) "Automated sales suppression device" means a device or software program that falsifies an electronic record, including transaction data or a transaction report, of an electronic cash register or other point-of-sale system. The term includes a device that carries the software program or an Internet link to the software program. (11672)

(2) "Electronic cash register" means a device or point-of-sale system that maintains a register or documentation through an electronic device or computer system that is designed to record transaction data for the purpose of computing, compiling, or processing retail sales transaction data. (11673)

(3) "Phantom-ware" means a hidden programming option that is embedded in the operating system of an electronic cash register or hardwired into an electronic cash register and that may be used to create a second set of transaction reports or to eliminate or manipulate an original transaction report, which may or may not be preserved in a digital format, to represent the original or manipulated report of a transaction in the electronic cash register. (11674)

(4) "Transaction data" includes data identifying an item purchased by a customer, a price for an item, a taxability determination for an item, a segregated tax amount for an item, an amount of cash or credit tendered for an item, a net amount of cash returned to a customer who purchased an item, a date or time of a purchase, a receipt or invoice number for a transaction, and a vendor's name, address, or identification number. (11675)

(5) "Transaction report" means a report that: (11676)

(A) contains documentation of each sale, amount of tax or fee collected, media total, or discount void at an electronic cash register and that is printed on a cash register tape at the end of a day or a shift; or (11677)

(B) documents every action at an electronic cash register and is stored electronically. (11678)

Added by Acts 2013, 83rd Leg., R.S., Ch. 427 (S.B. 529), Sec. 1, eff. September 1, 2013. (11679)

Sec. 326.002. AUTOMATED SALES SUPPRESSION DEVICES AND PHANTOM-WARE PROHIBITED; CRIMINAL OFFENSE. (11680)(1-click HTML)

(a) A person commits an offense if the person knowingly sells, purchases, installs, transfers, uses, or possesses an automated sales suppression device or phantom-ware. (11681)

(b) An offense under this section is a state jail felony. (11682)

Added by Acts 2013, 83rd Leg., R.S., Ch. 427 (S.B. 529), Sec. 1, eff. September 1, 2013. (11683)

TITLE 11. PERSONAL IDENTITY INFORMATION (11684)(1-click HTML)

SUBTITLE A. IDENTIFYING INFORMATION (11685)(1-click HTML)

CHAPTER 501. PROTECTION OF DRIVER'S LICENSE AND SOCIAL SECURITY NUMBERS (11686)(1-click HTML)
SUBCHAPTER A. CONFIDENTIALITY OF SOCIAL SECURITY NUMBERS (11687)(1-click HTML)
Sec. 501.001. CERTAIN USES OF SOCIAL SECURITY NUMBER PROHIBITED. (11688)(1-click HTML)

(a) A person, other than a government or a governmental subdivision or agency, may not: (11689)

(1) intentionally communicate or otherwise make available to the public an individual's social security number; (11690)

(2) display an individual's social security number on a card or other device required to access a product or service provided by the person; (11691)

(3) require an individual to transmit the individual's social security number over the Internet unless: (11692)

(1) the Internet connection is secure; or (11693)

(2) the social security number is encrypted; (11694)

(4) require an individual's social security number for access to an Internet website unless a password or unique personal identification number or other authentication device is also required for access; or (11695)

(5) except as provided by Subsection (f), print an individual's social security number on any material sent by mail, unless state or federal law requires that social security number to be included in the material. (11696)

(b) A person using an individual's social security number before January 1, 2005, in a manner prohibited by Subsection (a) may continue that use if: (11697)

(1) the use is continuous; and (11698)

(2) beginning January 1, 2006, the person provides to the individual an annual disclosure stating that, on written request from the individual, the person will stop using the individual's social security number in a manner prohibited by Subsection (a). (11699)

(c) A person, other than a government or a governmental subdivision or agency, may not deny a service to an individual because the individual makes a written request under Subsection (b)(2). (11700)

(d) If a person receives a written request from an individual directing the person to stop using the individual's social security number in a manner prohibited by Subsection (a), the person shall comply with the request not later than the 30th day after the date the request is received. The person may not impose a fee for complying with the request. (11701)

(e) This section does not apply to: (11702)

(1) the collection, use, or release of a social security number required by state or federal law, including Chapter 552, Government Code; (11703)

(2) the use of a social security number for internal verification or administrative purposes; (11704)

(3) a document that is recorded or required to be open to the public under Chapter 552, Government Code; (11705)

(4) a court record; or (11706)

(5) an institution of higher education if the use of a social security number by the institution is regulated by Chapter 51, Education Code, or another provision of the Education Code. (11707)

(f) Subsection (a)(5) does not apply to an application or form sent by mail, including a document sent: (11708)

(1) as part of an application or enrollment process; (11709)

(2) to establish, amend, or terminate an account, contract, or policy; or (11710)

(3) to confirm the accuracy of a social security number. (11711)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11712)

Sec. 501.002. CERTAIN USES OF SOCIAL SECURITY NUMBER PROHIBITED; REMEDIES. (11713)(1-click HTML)

(a) A person may not print an individual's social security number on a card or other device required to access a product or service provided by the person unless the individual has requested in writing that printing. The person may not require a request for that printing as a condition of receipt of or access to a product or service provided by the person. (11714)

(b) A person who violates this section is liable to this state for a civil penalty in an amount not to exceed $500 for each violation. The attorney general or the prosecuting attorney in the county in which the violation occurs may bring an action to recover the civil penalty imposed under this section. (11715)

(c) The attorney general may bring an action in the name of the state to restrain or enjoin a person from violating this section. (11716)

(d) This section does not apply to: (11717)

(1) the collection, use, or release of a social security number required by state or federal law, including Chapter 552, Government Code; or (11718)

(2) the use of a social security number for internal verification or administrative purposes. (11719)

(e) This section applies to a card or other device issued in connection with an insurance policy only if the policy is delivered, issued for delivery, or renewed on or after March 1, 2005. (11720)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11721)

SUBCHAPTER B. PRIVACY POLICY TO PROTECT SOCIAL SECURITY NUMBERS (11722)(1-click HTML)
Sec. 501.051. INAPPLICABILITY OF SUBCHAPTER. (11723)(1-click HTML)

This subchapter does not apply to: (11724)

(1) a person who is required to maintain and disseminate a privacy policy under: (11725)

(A) the Gramm-Leach-Bliley Act (15 U.S.C. Sections 6801 to 6809); (11726)

(B) the Family Educational Rights and Privacy Act of 1974 (20 U.S.C. Section 1232g); or (11727)

(C) the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. Section 1320d et seq.); (11728)

(2) a covered entity under rules adopted by the commissioner of insurance relating to insurance consumer health information privacy or insurance consumer financial information privacy; (11729)

(3) a governmental body, as defined by Section 552.003, Government Code, other than a municipally owned utility; (11730)

(4) a person with respect to a loan transaction, if the person is not engaged in the business of making loans; or (11731)

(5) a person subject to Section 901.457, Occupations Code. (11732)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11733)

Amended by: (11734)

Acts 2009, 81st Leg., R.S., Ch. 87 (S.B. 1969), Sec. 4.009(a), eff. September 1, 2009. (11735)

Sec. 501.052. PRIVACY POLICY NECESSARY TO REQUIRE DISCLOSURE OF SOCIAL SECURITY NUMBER. (11736)(1-click HTML)

(a) A person may not require an individual to disclose the individual's social security number to obtain goods or services from or enter into a business transaction with the person unless the person: (11737)

(1) adopts a privacy policy as provided by Subsection (b); (11738)

(2) makes the privacy policy available to the individual; and (11739)

(3) maintains under the privacy policy the confidentiality and security of the social security number disclosed to the person. (11740)

(b) A privacy policy adopted under this section must include: (11741)

(1) how personal information is collected; (11742)

(2) how and when the personal information is used; (11743)

(3) how the personal information is protected; (11744)

(4) who has access to the personal information; and (11745)

(5) the method of disposal of the personal information. (11746)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11747)

Sec. 501.053. CIVIL PENALTY; INJUNCTION. (11748)(1-click HTML)

(a) A person who violates Section 501.052(a) is liable to this state for a civil penalty in an amount not to exceed $500 for each calendar month during which a violation occurs. The civil penalty may not be imposed for more than one violation that occurs in a month. The attorney general or the prosecuting attorney in the county in which the violation occurs may bring an action to recover the civil penalty imposed under this section. (11749)

(b) The attorney general may bring an action in the name of the state to restrain or enjoin a person from violating Section 501.052(a). (11750)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11751)

SUBCHAPTER C. OTHER RESTRICTIONS TO PROTECT DRIVER'S LICENSE AND SOCIAL SECURITY NUMBERS (11752)(1-click HTML)
Sec. 501.101. USE OF CONSUMER DRIVER'S LICENSE OR SOCIAL SECURITY NUMBER BY MERCHANT OR CERTAIN THIRD PARTY. (11753)(1-click HTML)

(a) A merchant or a third party under contract with a merchant who requires a consumer returning merchandise to provide the consumer's driver's license or social security number may use the number or numbers provided by the consumer solely for identification purposes if the consumer does not have a valid receipt for the item being returned and is seeking a cash, credit, or store credit refund. (11754)

(b) A merchant or a third party under contract with a merchant may not disclose a consumer's driver's license or social security number to any other third party, including a merchant, not involved in the initial transaction. (11755)

(c) A merchant or a third party under contract with a merchant may use a consumer's driver's license or social security number only to monitor, investigate, or prosecute fraudulent return of merchandise. (11756)

(d) A merchant or a third party under contract with a merchant shall destroy or arrange for the destruction of records containing the consumer's driver's license or social security number at the expiration of six months from the date of the last transaction. (11757)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11758)

Sec. 501.1011. SALES RECEIPT CONTAINING DRIVER'S LICENSE NUMBER PROHIBITED. (11759)(1-click HTML)

A person may not print an individual's driver's license number on a receipt that evidences payment for a sale of goods or services and is provided to the individual. (11760)

Added by Acts 2009, 81st Leg., R.S., Ch. 90 (H.B. 523), Sec. 1, eff. January 1, 2010. (11761)

Sec. 501.102. CIVIL PENALTY; INJUNCTION. (11762)(1-click HTML)

(a) A person who violates Section 501.101 is liable to this state for a civil penalty in an amount not to exceed $500 for each violation. The attorney general or the prosecuting attorney in the county in which the violation occurs may bring an action to recover the civil penalty imposed under this subsection. (11763)

(a-1) A person who violates Section 501.1011 is liable to this state for a civil penalty in an amount not to exceed $500 for each calendar month in which a violation occurs. The civil penalty may not be imposed for more than one violation that occurs in a month. The attorney general or the prosecuting attorney in the county in which the violation occurs may bring an action to recover the civil penalty imposed under this subsection. (11764)

(b) The attorney general may bring an action in the name of the state to restrain or enjoin a person from violating this subchapter. (11765)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11766)

Amended by: (11767)

Acts 2009, 81st Leg., R.S., Ch. 90 (H.B. 523), Sec. 2, eff. January 1, 2010. (11768)

CHAPTER 502. PROTECTION OF IDENTIFYING FINANCIAL INFORMATION (11769)(1-click HTML)
Sec. 502.001. WARNING SIGN ABOUT IDENTITY THEFT FOR RESTAURANT OR BAR EMPLOYEES. (11770)(1-click HTML)

(a) In this section: (11771)

(1) "Credit card" means an identification card, plate, coupon, book, or number or any other device authorizing a designated person or bearer to obtain property or service on credit. (11772)

(2) "Debit card" means an identification card, plate, coupon, book, or number or any other device authorizing a designated person or bearer to communicate a request to an unmanned teller machine or a customer convenience terminal or to obtain property or services by debit to an account at a financial institution. (11773)

(b) This section applies only to a restaurant or bar that accepts credit cards or debit cards from customers in the ordinary course of business. (11774)

(c) A restaurant or bar owner shall display in a prominent place on the premises of the restaurant or bar a sign stating in letters at least one-half inch high: "UNDER SECTION 32.51, PENAL CODE, IT IS A STATE JAIL FELONY (PUNISHABLE BY CONFINEMENT IN A STATE JAIL FOR NOT MORE THAN TWO YEARS) TO OBTAIN, POSSESS, TRANSFER, OR USE A CUSTOMER'S DEBIT CARD OR CREDIT CARD NUMBER WITHOUT THE CUSTOMER'S CONSENT." (11775)

(d) The restaurant or bar owner shall display the sign in English and in another language spoken by a substantial portion of the employees of the restaurant or bar as their familiar language. (11776)

(e) A restaurant or bar owner who fails to comply with this section commits an offense. An offense under this subsection is a misdemeanor punishable by a fine not to exceed $25. (11777)

(f) It is a defense to prosecution under Subsection (e) that the restaurant or bar owner charged with the offense produces to the court satisfactory evidence that the person displayed the sign required by Subsection (c) not later than 48 hours after the person received a citation for an offense under Subsection (e). If the court is satisfied with the evidence produced by the person, the court shall dismiss the charge. (11778)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11779)

Sec. 502.002. BUSINESS RECEIPT CONTAINING CREDIT CARD OR DEBIT CARD INFORMATION. (11780)(1-click HTML)

(a) A person who accepts a credit card or debit card for the transaction of business may not print on a receipt or other document that evidences the transaction and is provided to a cardholder more than the last four digits of the credit card or debit card account number or the month and year that the credit card or debit card expires. (11781)

(b) This section does not apply to a transaction in which the sole means of recording a person's credit card or debit card account number on a receipt or other document evidencing the transaction is by handwriting or an imprint or copy of the credit card or debit card. (11782)

(c) A person who provides, leases, or sells a cash register or other machine used to print a receipt or other document evidencing a credit card or debit card transaction shall provide notice of the requirements of this section to the recipient, lessee, or buyer, as applicable, of the machine. (11783)

(d) A person who violates Subsection (a) is liable to this state for a civil penalty in an amount not to exceed $500 for each calendar month in which a violation occurs. The civil penalty may not be imposed for more than one violation that occurs in a month. The attorney general or the prosecuting attorney in the county in which the violation occurs may bring an action to recover the civil penalty imposed under this section. (11784)

(e) The attorney general may bring an action in the name of the state to restrain or enjoin a person from violating Subsection (a). (11785)

(f) A court may not certify an action brought under this section as a class action. (11786)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11787)

Sec. (11788)(1-click HTML)

state.tx.us/GetStatute.aspx?Code=BC&Value=502.003">502.003. DELIVERY OF CHECK FORM. (a) In this section: (11789)

(1) "Addressee" means a person to whom a check form is sent. (11790)

(2) "Check form" means a device for the transmission or payment of money that: (11791)

(A) is not a negotiable instrument under Section 3.104; (11792)

(B) if completed would be a check as defined by Section 3.104; and (11793)

(C) is printed with information relating to the financial institution on which the completed check may be drawn. (11794)

(3) "Check form provider" means a business that provides check forms to a customer for a personal or business account. (11795)

(4) "Courier" means an entity that delivers parcels for a fee. (11796)

(b) If an addressee requests that a check form provider employ courier delivery of a check form with signature required, and that service is available in the delivery area of the addressee, the entity arranging for courier delivery in compliance with the addressee's request must provide the addressee with the option to require that the signature of the addressee, or the representative of the addressee, be obtained on delivery. (11797)

(c) The option under Subsection (b) to require the signature of the addressee or representative may be provided: (11798)

(1) on a printed check form order form; (11799)

(2) on an electronic check form order form where check form orders are offered on the Internet; (11800)

(3) by electronic mail to an address established for that purpose by the entity making the offer; or (11801)

(4) by another method reasonably designed to effectively communicate the addressee's intent. (11802)

(d) An entity that arranges for the courier delivery of a check form to an addressee as requested under Subsection (b) shall notify the courier of the check form that the signature of the addressee or a representative of the addressee is required for delivery under that subsection. (11803)

(e) If the addressee suffers a pecuniary loss because of the use of a check form stolen at the time of delivery to the addressee, a civil penalty of not more than $1,000 for each delivery may be imposed on: (11804)

(1) an entity that violates Subsection (b), (c), or (d); or (11805)

(2) a courier that: (11806)

(A) is properly notified under Subsection (d) that a signature is required for delivery; and (11807)

(B) delivers the check form without obtaining the signature of the addressee or a representative of the addressee. (11808)

(f) The attorney general may bring an action to recover a civil penalty imposed under Subsection (e). The attorney general may recover reasonable expenses incurred in obtaining the civil penalty, including court costs, reasonable attorney's fees, investigative costs, witness fees, and deposition expenses. (11809)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11810)

CHAPTER 503. BIOMETRIC IDENTIFIERS (11811)(1-click HTML)
Sec. 503.001. CAPTURE OR USE OF BIOMETRIC IDENTIFIER. (11812)(1-click HTML)

(a) In this section, "biometric identifier" means a retina or iris scan, fingerprint, voiceprint, or record of hand or face geometry. (11813)

(b) A person may not capture a biometric identifier of an individual for a commercial purpose unless the person: (11814)

(1) informs the individual before capturing the biometric identifier; and (11815)

(2) receives the individual's consent to capture the biometric identifier. (11816)

(c) A person who possesses a biometric identifier of an individual that is captured for a commercial purpose: (11817)

(1) may not sell, lease, or otherwise disclose the biometric identifier to another person unless: (11818)

(A) the individual consents to the disclosure for identification purposes in the event of the individual's disappearance or death; (11819)

(B) the disclosure completes a financial transaction that the individual requested or authorized; (11820)

(C) the disclosure is required or permitted by a federal statute or by a state statute other than Chapter 552, Government Code; or (11821)

(D) the disclosure is made by or to a law enforcement agency for a law enforcement purpose in response to a warrant; (11822)

(2) shall store, transmit, and protect from disclosure the biometric identifier using reasonable care and in a manner that is the same as or more protective than the manner in which the person stores, transmits, and protects any other confidential information the person possesses; and (11823)

(3) shall destroy the biometric identifier within a reasonable time, but not later than the first anniversary of the date the purpose for collecting the identifier expires, except as provided by Subsection (c-1). (11824)

(c-1) If a biometric identifier of an individual captured for a commercial purpose is used in connection with an instrument or document that is required by another law to be maintained for a period longer than the period prescribed by Subsection (c)(3), the person who possesses the biometric identifier shall destroy the biometric identifier within a reasonable time, but not later than the first anniversary of the date the instrument or document is no longer required to be maintained by law. (11825)

(c-2) If a biometric identifier captured for a commercial purpose has been collected for security purposes by an employer, the purpose for collecting the identifier under Subsection (c)(3) is presumed to expire on termination of the employment relationship. (11826)

(d) A person who violates this section is subject to a civil penalty of not more than $25,000 for each violation. The attorney general may bring an action to recover the civil penalty. (11827)

(e) This section does not apply to voiceprint data retained by a financial institution or an affiliate of a financial institution, as those terms are defined by 15 U.S.C. Section 6809. (11828)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11829)

Amended by: (11830)

Acts 2009, 81st Leg., R.S., Ch. 1163 (H.B. 3186), Sec. 1, eff. September 1, 2009. (11831)

Acts 2017, 85th Leg., R.S., Ch. 913 (S.B. 1343), Sec. 1, eff. September 1, 2017. (11832)

CHAPTER 504. PROHIBITED USE OF CRIME VICTIM OR MOTOR VEHICLE ACCIDENT INFORMATION (11833)(1-click HTML)
Sec. 504.001. DEFINITIONS. (11834)(1-click HTML)

In this chapter: (11835)

(1) "Crime victim information" means information that: (11836)

(A) is collected or prepared by a law enforcement agency; and (11837)

(B) identifies or serves to identify a person who, according to a record of the agency, may have been the victim of a crime in which: (11838)

(i) physical injury to the person occurred or was attempted; or (11839)

(ii) the offender entered or attempted to enter the dwelling of the person. (11840)

(2) "Motor vehicle accident information" means information that: (11841)

(A) is collected or prepared by a law enforcement agency; and (11842)

(B) identifies or serves to identify a person who, according to a record of the agency, may have been involved in a motor vehicle accident. (11843)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11844)

Sec. 504.002. PROHIBITION ON USE FOR SOLICITATION OR SALE OF INFORMATION. (11845)(1-click HTML)

(a) A person who possesses crime victim or motor vehicle accident information that the person obtained or knows was obtained from a law enforcement agency may not: (11846)

(1) use the information to contact directly any of the following persons for the purpose of soliciting business from the person: (11847)

(A) a crime victim; (11848)

(B) a person who was involved in a motor vehicle accident; or (11849)

(C) a member of the family of a person described by Paragraph (A) or (B); or (11850)

(2) sell the information to another person for financial gain. (11851)

(b) The attorney general may bring an action against a person who violates Subsection (a) pursuant to Section 17.47. (11852)

(c) A person commits an offense if the person violates Subsection (a). An offense under this subsection is a Class C misdemeanor unless the defendant has been previously convicted under this section three or more times, in which event the offense is a felony of the third degree. (11853)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11854)

CHAPTER 505. USE OF ZIP CODE TO VERIFY CUSTOMER'S IDENTITY (11855)(1-click HTML)
Sec. 505.001. DEFINITIONS. (11856)(1-click HTML)

In this chapter: (11857)

(1) "Credit card" means a card or device issued under an agreement by which the issuer gives to a cardholder the right to obtain credit from the issuer or another person. (11858)

(2) "Credit card issuer" means a lender, including a financial institution, or a merchant that receives applications and issues credit cards to individuals. (11859)

Added by Acts 2009, 81st Leg., R.S., Ch. 87 (S.B. 1969), Sec. 4.010(a), eff. September 1, 2009. (11860)

Sec. 505.002. USE OF ZIP CODE TO VERIFY IDENTITY IN CREDIT CARD TRANSACTION. (11861)(1-click HTML)

(a) A business may require a customer who purchases a good or service from the business using a credit card to provide the customer's zip code to verify the customer's identity as provided by Subsection (b). (11862)

(b) A business that obtains a customer's zip code under Subsection (a) may electronically verify with the credit card issuer that the zip code matches any zip code that the credit card issuer has on file for the credit card. (11863)

Added by Acts 2009, 81st Leg., R.S., Ch. 87 (S.B. 1969), Sec. 4.010(a), eff. September 1, 2009. (11864)

Sec. 505.003. RETENTION OF ZIP CODE PROHIBITED. (11865)(1-click HTML)

A business that obtains a customer's zip code under Section 505.002 may not retain the zip code in any form after the purchase of the good or service has been completed. (11866)

Added by Acts 2009, 81st Leg., R.S., Ch. 87 (S.B. 1969), Sec. 4.010(a), eff. September 1, 2009. (11867)

CHAPTER 506. REIDENTIFICATION OF DEIDENTIFIED INFORMATION (11868)(1-click HTML)
Sec. 506.001. DEFINITIONS. (11869)(1-click HTML)

In this chapter: (11870)

(1) "Covered information" means deidentified information released by a board, commission, department, or other agency of this state, including an institution of higher education as defined by Section 61.003, Education Code, or a hospital that is maintained or operated by the state. (11871)

(2) "Deidentified information" means information with respect to which the holder of the information has made a good faith effort to remove all personal identifying information or other information that may be used by itself or in combination with other information to identify the subject of the information. The term includes aggregate statistics, redacted information, information for which random or fictitious alternatives have been substituted for personal identifying information, and information for which personal identifying information has been encrypted and for which the encryption key is maintained by a person otherwise authorized to have access to the information in an identifiable format. (11872)

(3) "Personal identifying information" has the meaning assigned by Section 521.002(a)(1). (11873)

Added by Acts 2015, 84th Leg., R.S., Ch. 953 (S.B. 1213), Sec. 1, eff. September 1, 2015. (11874)

Sec. 506.002. REQUIRED NOTICES. (11875)(1-click HTML)

(a) An agency of this state shall provide written notice to a person to whom the agency releases deidentified information that the information is deidentified information. (11876)

(b) A person who sells covered information or otherwise receives compensation for the transfer or disclosure of covered information shall provide written notice to the person to whom the information is sold, transferred, or disclosed that the information is deidentified information obtained from an agency of this state. (11877)

Added by Acts 2015, 84th Leg., R.S., Ch. 953 (S.B. 1213), Sec. 1, eff. September 1, 2015. (11878)

Sec. 506.003. PROHIBITED ACTS. (11879)(1-click HTML)

(a) A person may not: (11880)

(1) reidentify or attempt to reidentify personal identifying information about an individual who is the subject of covered information; or (11881)

(2) knowingly disclose or release covered information that was reidentified in violation of this section. (11882)

(b) It is a defense to a civil action or prosecution for a violation of this section that: (11883)

(1) the person: (11884)

(A) was reidentifying the covered information for the purpose of a study or other scholarly research, including performing an evaluation or test of software intended to deidentify information; and (11885)

(B) did not release or publish the names or other information identifying any subjects of the reidentified covered information; or (11886)

(2) the person obtained informed, written consent from the individual who is the subject of the covered information that specifically referenced the information to be reidentified, disclosed, or released, and authorized the reidentification, disclosure, or release of that information. (11887)

Added by Acts 2015, 84th Leg., R.S., Ch. 953 (S.B. 1213), Sec. 1, eff. September 1, 2015. (11888)

Sec. 506.004. OFFENSE. (11889)(1-click HTML)

(a) A person who violates Section 506.003 commits an offense. (11890)

(b) An offense under this section is a Class A misdemeanor. (11891)

Added by Acts 2015, 84th Leg., R.S., Ch. 953 (S.B. 1213), Sec. 1, eff. September 1, 2015. (11892)

Sec. 506.005. PRIVATE CAUSE OF ACTION. (11893)(1-click HTML)

A person who violates Section 506.003 is liable to the individual who is the subject of the covered information for statutory damages in an amount of not less than $25 or more than $500 for each violation, not to exceed a total amount of $150,000. (11894)

Added by Acts 2015, 84th Leg., R.S., Ch. 953 (S.B. 1213), Sec. 1, eff. September 1, 2015. (11895)

Sec. 506.006. CIVIL PENALTY. (11896)(1-click HTML)

(a) In addition to other penalties and remedies assessed or recovered under this chapter, a person who violates Section 506.003 is liable to this state for a civil penalty in an amount of not less than $25 or more than $500 for each violation, not to exceed a total amount of $150,000. (11897)

(b) The attorney general may bring an action to recover a civil penalty under this section. (11898)

(c) The attorney general is entitled to recover reasonable expenses incurred in bringing an action under this section, including reasonable attorney's fees, court costs, and investigatory costs. (11899)

Added by Acts 2015, 84th Leg., R.S., Ch. 953 (S.B. 1213), Sec. 1, eff. September 1, 2015. (11900)

CHAPTER 507. CONCEALED HANDGUN LICENSES AS VALID FORMS OF PERSONAL IDENTIFICATION (11901)(1-click HTML)
Sec. 507.001. CONCEALED HANDGUN LICENSE AS VALID PROOF OF IDENTIFICATION. (11902)(1-click HTML)

(a) A person may not deny the holder of a concealed handgun license issued under Subchapter H, Chapter 411, Government Code, access to goods, services, or facilities, except as provided by Section 521.460, Transportation Code, or in regard to the operation of a motor vehicle, because the holder has or presents a concealed handgun license rather than a driver's license or other acceptable form of personal identification. (11903)

(b) This section does not affect: (11904)

(1) the requirement under Section 411.205, Government Code, that a person subject to that section present a driver's license or identification certificate in addition to a concealed handgun license; or (11905)

(2) the types of identification required under federal law to access airport premises or pass through airport security. (11906)

Redesignated from Business and Commerce Code, Chapter 506 by Acts 2017, 85th Leg., R.S., Ch. 324 (S.B. 1488), Sec. 24.001(2), eff. September 1, 2017. (11907)

For expiration of this chapter, see Section 508.003. (11908)

CHAPTER 508. REQUIRING VERIFICATION OF IDENTITY FOR CERTAIN CARD TRANSACTIONS (11909)(1-click HTML)
Sec. 508.001. DEFINITIONS. (11910)(1-click HTML)

In this chapter: (11911)

(1) "Cardholder" means the person named on the face of a credit card or debit card to whom or for whose benefit the credit card or debit card is issued. (11912)

(2) "Credit card" means a card or device issued under an agreement by which the issuer gives to a cardholder the right to obtain credit from the issuer or another person. (11913)

(3) "Debit card" means a card, device, or other means of access to an individual's account at a financial institution that the individual may use to initiate electronic fund transfers. (11914)

(4) "Merchant" means a person in the business of selling goods or services. (11915)

(5) "Mobile wallet" means a device that uses an encrypted digital token to authenticate a cardholder's identity and account information. (11916)

(6) "Photo identification" means a card or other document that: (11917)

(A) is issued by a governmental entity to identify an individual; and (11918)

(B) displays a photograph of the individual identified on the card or other document. (11919)

Added by Acts 2017, 85th Leg., R.S., Ch. 749 (S.B. 1381), Sec. 1, eff. January 1, 2018. (11920)

Sec. 508.002. REQUIRING PHOTO IDENTIFICATION FOR CREDIT OR DEBIT CARD TRANSACTION. (11921)(1-click HTML)

(a) A merchant, in a point of sale transaction, may require the individual using the credit card or debit card to provide photo identification verifying the individual's identity as the cardholder. (11922)

(b) A merchant may choose to not accept the card for payment if the individual fails to provide photo identification verifying the individual's identity as the cardholder. (11923)

(c) This section does not apply to transactions conducted with a mobile wallet. (11924)

Added by Acts 2017, 85th Leg., R.S., Ch. 749 (S.B. 1381), Sec. 1, eff. January 1, 2018. (11925)

Sec. 508.003. EXPIRATION. (11926)(1-click HTML)

This chapter expires September 1, 2023. (11927)

Added by Acts 2017, 85th Leg., R.S., Ch. 749 (S.B. 1381), Sec. 1, eff. January 1, 2018. (11928)

SUBTITLE B. IDENTITY THEFT (11929)(1-click HTML)

CHAPTER 521. UNAUTHORIZED USE OF IDENTIFYING INFORMATION (11930)(1-click HTML)
Sec. 521.001. SHORT TITLE. (11931)(1-click HTML)

This chapter may be cited as the Identity Theft Enforcement and Protection Act. (11932)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11933)

Sec. 521.002. DEFINITIONS. (11934)(1-click HTML)

(a) In this chapter: (11935)

(1) "Personal identifying information" means information that alone or in conjunction with other information identifies an individual, including an individual's: (11936)

(A) name, social security number, date of birth, or government-issued identification number; (11937)

(B) mother's maiden name; (11938)

(C) unique biometric data, including the individual's fingerprint, voice print, and retina or iris image; (11939)

(D) unique electronic identification number, address, or routing code; and (11940)

(E) telecommunication access device as defined by Section 32.51, Penal Code. (11941)

(2) "Sensitive personal information" means, subject to Subsection (b): (11942)

(A) an individual's first name or first initial and last name in combination with any one or more of the following items, if the name and the items are not encrypted: (11943)

(i) social security number; (11944)

(ii) driver's license number or government-issued identification number; or (11945)

(iii) account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual's financial account; or (11946)

(B) information that identifies an individual and relates to: (11947)

(i) the physical or mental health or condition of the individual; (11948)

(ii) the provision of health care to the individual; or (11949)

(iii) payment for the provision of health care to the individual. (11950)

(3) "Victim" means a person whose identifying information is used by an unauthorized person. (11951)

(b) For purposes of this chapter, the term "sensitive personal information" does not include publicly available information that is lawfully made available to the public from the federal government or a state or local government. (11952)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11953)

Amended by: (11954)

Acts 2009, 81st Leg., R.S., Ch. 419 (H.B. 2004), Sec. 1, eff. September 1, 2009. (11955)

SUBCHAPTER B. IDENTITY THEFT (11956)(1-click HTML)
Sec. 521.051. UNAUTHORIZED USE OR POSSESSION OF PERSONAL IDENTIFYING INFORMATION. (11957)(1-click HTML)

(a) A person may not obtain, possess, transfer, or use personal identifying information of another person without the other person's consent and with intent to obtain a good, a service, insurance, an extension of credit, or any other thing of value in the other person's name. (11958)

(b) It is a defense to an action brought under this section that an act by a person: (11959)

(1) is covered by the Fair Credit Reporting Act (15 U.S.C. Section 1681 et seq.); and (11960)

(2) is in compliance with that Act and regulations adopted under that Act. (11961)

(c) This section does not apply to: (11962)

(1) a financial institution as defined by 15 U.S.C. Section 6809; or (11963)

(2) a covered entity as defined by Section 601.001 or 602.001, Insurance Code. (11964)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11965)

Sec. 521.052. BUSINESS DUTY TO PROTECT SENSITIVE PERSONAL INFORMATION. (11966)(1-click HTML)

(a) A business shall implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect from unlawful use or disclosure any sensitive personal information collected or maintained by the business in the regular course of business. (11967)

(b) A business shall destroy or arrange for the destruction of customer records containing sensitive personal information within the business's custody or control that are not to be retained by the business by: (11968)

(1) shredding; (11969)

(2) erasing; or (11970)

(3) otherwise modifying the sensitive personal information in the records to make the information unreadable or indecipherable through any means. (11971)

(c) This section does not apply to a financial institution as defined by 15 U.S.C. Section 6809. (11972)

(d) As used in this section, "business" includes a nonprofit athletic or sports association. (11973)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11974)

Amended by: (11975)

Acts 2009, 81st Leg., R.S., Ch. 419 (H.B. 2004), Sec. 2, eff. September 1, 2009. (11976)

Sec. 521.053. NOTIFICATION REQUIRED FOLLOWING BREACH OF SECURITY OF COMPUTERIZED DATA. (11977)(1-click HTML)

(a) In this section, "breach of system security" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of sensitive personal information maintained by a person, including data that is encrypted if the person accessing the data has the key required to decrypt the data. Good faith acquisition of sensitive personal information by an employee or agent of the person for the purposes of the person is not a breach of system security unless the person uses or discloses the sensitive personal information in an unauthorized manner. (11978)

(b) A person who conducts business in this state and owns or licenses computerized data that includes sensitive personal information shall disclose any breach of system security, after discovering or receiving notification of the breach, to any individual whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made as quickly as possible, except as provided by Subsection (d) or as necessary to determine the scope of the breach and restore the reasonable integrity of the data system. (11979)

(b-1) If the individual whose sensitive personal information was or is reasonably believed to have been acquired by an unauthorized person is a resident of a state that requires a person described by Subsection (b) to provide notice of a breach of system security, the notice of the breach of system security required under Subsection (b) may be provided under that state's law or under Subsection (b). (11980)

(c) Any person who maintains computerized data that includes sensitive personal information not owned by the person shall notify the owner or license holder of the information of any breach of system security immediately after discovering the breach, if the sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person. (11981)

(d) A person may delay providing notice as required by Subsection (b) or (c) at the request of a law enforcement agency that determines that the notification will impede a criminal investigation. The notification shall be made as soon as the law enforcement agency determines that the notification will not compromise the investigation. (11982)

(e) A person may give notice as required by Subsection (b) or (c) by providing: (11983)

(1) written notice at the last known address of the individual; (11984)

(2) electronic notice, if the notice is provided in accordance with 15 U.S.C. Section 7001; or (11985)

(3) notice as provided by Subsection (f). (11986)

(f) If the person required to give notice under Subsection (b) or (c) demonstrates that the cost of providing notice would exceed $250,000, the number of affected persons exceeds 500,000, or the person does not have sufficient contact information, the notice may be given by: (11987)

(1) electronic mail, if the person has electronic mail addresses for the affected persons; (11988)

(2) conspicuous posting of the notice on the person's website; or (11989)

(3) notice published in or broadcast on major statewide media. (11990)

(g) Notwithstanding Subsection (e), a person who maintains the person's own notification procedures as part of an information security policy for the treatment of sensitive personal information that complies with the timing requirements for notice under this section complies with this section if the person notifies affected persons in accordance with that policy. (11991)

(h) If a person is required by this section to notify at one time more than 10,000 persons of a breach of system security, the person shall also notify each consumer reporting agency, as defined by 15 U.S.C. Section 1681a, that maintains files on consumers on a nationwide basis, of the timing, distribution, and content of the notices. The person shall provide the notice required by this subsection without unreasonable delay. (11992)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (11993)

Amended by: (11994)

Acts 2009, 81st Leg., R.S., Ch. 419 (H.B. 2004), Sec. 3, eff. September 1, 2009. (11995)

Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 14, eff. September 1, 2012. (11996)

Acts 2013, 83rd Leg., R.S., Ch. 1368 (S.B. 1610), Sec. 1, eff. June 14, 2013. (11997)

SUBCHAPTER C. COURT ORDER DECLARING INDIVIDUAL A VICTIM OF IDENTITY THEFT (11998)(1-click HTML)
Sec. 521.101. APPLICATION FOR COURT ORDER TO DECLARE INDIVIDUAL A VICTIM OF IDENTITY THEFT. (11999)(1-click HTML)

(a) A person who is injured by a violation of Section 521.051 or who has filed a criminal complaint alleging commission of an offense under Section 32.51, Penal Code, may file an application with a district court for the issuance of an order declaring that the person is a victim of identity theft. (12000)

(b) A person may file an application under this section regardless of whether the person is able to identify each person who allegedly transferred or used the person's identifying information in an unlawful manner. (12001)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (12002)

Sec. 521.102. PRESUMPTION OF APPLICANT'S STATUS AS VICTIM. (12003)(1-click HTML)

An applicant under Section 521.101 is presumed to be a victim of identity theft under this subchapter if the person charged with an offense under Section 32.51, Penal Code, is convicted of the offense. (12004)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (12005)

Sec. 521.103. ISSUANCE OF ORDER; CONTENTS. (12006)(1-click HTML)

(a) After notice and hearing, if the court is satisfied by a preponderance of the evidence that an applicant under Section 521.101 has been injured by a violation of Section 521.051 or is the victim of an offense under Section 32.51, Penal Code, the court shall enter an order declaring that the applicant is a victim of identity theft resulting from a violation of Section 521.051 or an offense under Section 32.51, Penal Code, as appropriate. (12007)

(b) An order under this section must contain: (12008)

(1) any known information identifying the violator or person charged with the offense; (12009)

(2) the specific personal identifying information and any related document used to commit the alleged violation or offense; and (12010)

(3) information identifying any financial account or transaction affected by the alleged violation or offense, including: (12011)

(A) the name of the financial institution in which the account is established or of the merchant involved in the transaction, as appropriate; (12012)

(B) any relevant account numbers; (12013)

(C) the dollar amount of the account or transaction affected by the alleged violation or offense; and (12014)

(D) the date of the alleged violation or offense. (12015)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (12016)

Sec. 521.104. CONFIDENTIALITY OF ORDER. (12017)(1-click HTML)

(a) An order issued under Section 521.103 must be sealed because of the confidential nature of the information required to be included in the order. The order may be opened and the order or a copy of the order may be released only: (12018)

(1) to the proper officials in a civil proceeding brought by or against the victim arising or resulting from a violation of this chapter, including a proceeding to set aside a judgment obtained against the victim; (12019)

(2) to the victim for the purpose of submitting the copy of the order to a governmental entity or private business to: (12020)

(A) prove that a financial transaction or account of the victim was directly affected by a violation of this chapter or the commission of an offense under Section 32.51, Penal Code; or (12021)

(B) correct any record of the entity or business that contains inaccurate or false information as a result of the violation or offense; (12022)

(3) on order of the judge; or (12023)

(4) as otherwise required or provided by law. (12024)

(b) A copy of an order provided to a person under Subsection (a)(1) must remain sealed throughout and after the civil proceeding. (12025)

(c) Information contained in a copy of an order provided to a governmental entity or business under Subsection (a)(2) is confidential and may not be released to another person except as otherwise required or provided by law. (12026)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (12027)

Sec. 521.105. GROUNDS FOR VACATING ORDER. (12028)(1-click HTML)

A court at any time may vacate an order issued under Section 521.103 if the court finds that the application filed under Section 521.101 or any information submitted to the court by the applicant contains a fraudulent misrepresentation or a material misrepresentation of fact. (12029)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (12030)

SUBCHAPTER D. REMEDIES (12031)(1-click HTML)
Sec. 521.151. CIVIL PENALTY; INJUNCTION. (12032)(1-click HTML)

(a) A person who violates this chapter is liable to this state for a civil penalty of at least $2,000 but not more than $50,000 for each violation. The attorney general may bring an action to recover the civil penalty imposed under this subsection. (12033)

(a-1) In addition to penalties assessed under Subsection (a), a person who fails to take reasonable action to comply with Section 521.053(b) is liable to this state for a civil penalty of not more than $100 for each individual to whom notification is due under that subsection for each consecutive day that the person fails to take reasonable action to comply with that subsection. Civil penalties under this section may not exceed $250,000 for all individuals to whom notification is due after a single breach. The attorney general may bring an action to recover the civil penalties imposed under this subsection. (12034)

(b) If it appears to the attorney general that a person is engaging in, has engaged in, or is about to engage in conduct that violates this chapter, the attorney general may bring an action in the name of the state against the person to restrain the violation by a temporary restraining order or by a permanent or temporary injunction. (12035)

(c) An action brought under Subsection (b) must be filed in a district court in Travis County or: (12036)

(1) in any county in which the violation occurred; or (12037)

(2) in the county in which the victim resides, regardless of whether the alleged violator has resided, worked, or transacted business in the county in which the victim resides. (12038)

(d) The attorney general is not required to give a bond in an action under this section. (12039)

(e) In an action under this section, the court may grant any other equitable relief that the court considers appropriate to: (12040)

(1) prevent any additional harm to a victim of identity theft or a further violation of this chapter; or (12041)

(2) satisfy any judgment entered against the defendant, including issuing an order to appoint a receiver, sequester assets, correct a public or private record, or prevent the dissipation of a victim's assets. (12042)

(f) The attorney general is entitled to recover reasonable expenses, including reasonable attorney's fees, court costs, and investigatory costs, incurred in obtaining injunctive relief or civil penalties, or both, under this section. Amounts collected by the attorney general under this section shall be deposited in the general revenue fund and may be appropriated only for the investigation and prosecution of other cases under this chapter. (12043)

(g) The fees associated with an action under this section are the same as in a civil case, but the fees may be assessed only against the defendant. (12044)

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009. (12045)

Amended by: (12046)

Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 15, eff. September 1, 2012. (12047)

Sec. 521.152. DECEPTIVE TRADE PRACTICE. (12048)(1-click HTML)
  

Our Mission
Objective

Our mission is to provide citizens free access to the laws and codes of their state utilizing a unique search engine that matches clients with qualified legal professionals who can help with specific issues.

Our goal is to do this in a manner that promotes open government and freedom of information, while providing attorneys with valuable tools to connect with qualified prospects in need of professional services.

Ignorance Is No Excuse
Your Right To Know The Law

All citizens have a right to have access to the laws that govern them. Citizen awareness and participation in government is fundamental to ensuring a sound democracy.

Although unfettered access to the law is a fundamental right to all citizens, there is no substitute for experienced legal counsel.

We do not recommend self-representation. We do, however, recognize that in an age where people routinely research legal matters online using everything from a smartphone to their xbox, both attorneys and clients alike can benefit from this resource.