Effective September 2012 if you “do business in Texas” – whatever that means – and you have a data breach involving personal information, PI, and fail to notify the affected individuals “as quickly as possible” you are open for a $100/day/Individual fine up to $250,000! The infraction is a misdemeanor unless the information is Personal Health Information, PHI, and then the offense can be a felony! Yikes! H.B No 300, adds some serious teeth to their mandatory notification disclosure law.
Better keep your attorney’s phone number close to the phone number of your cyber insurance agent in case of a breach. Keeping track of the notification requirements of 46 different states seems almost impossible without professional help. I unconditionally recommend one of two attorneys in SE Michiganif you have a breach; Claudia Rast at Butzel Long or Stephen Tupper at Dykema. Trust me these two are terrific attorneys. Call one or both before you have a data breach so you are ready for the day you get the call…”We’ve been breached.”