Print 🖨

The House Committee on Business & Industry met on April 2 to take up and consider bills. The report below focuses on data privacy bills HB 4390 by Capriglione and HB 4518 by Martinez Fischer.

This report is intended to give you an overview and highlight of the discussions on the various topics the committee took up. It is not a verbatim transcript of the hearing, but is based upon what was audible or understandable to the observer and the desire to get details out as quickly as possible with few errors or omissions.

 

HB 4390 (Capriglione) Relating to the privacy of personal identifying information; imposing a civil penalty.

  • Capriglione – Bill aims to provide a little more regulation and oversight on info collected on about us without our knowledge & permission; info is being used in ways that can negatively affect credit scores, premiums, rentals, etc.
  • Opposition exists to this bill, Capriglione notes that massive amounts of data are being collected by Facebook and Google, others
  • Larger entities have security in place, but there is also other data that is collected & shared, many apps collect this data, cites Trim which scrapes all transactions made & will retain data even if app is deleted
  • Transactional data is being monetized and sold, cross-checked data can be used to build comprehensive profiles of individuals
  • HB 4390 tries to let individuals know what info is being collected, providing for an opt-in, providing for a way to find data being retained by companies; designed to hold entities not in security culpable for info collected
  • These issues have Constitutional implications, e.g. can impact right to peacefully assemble when presence and who you are assembling with is easily determinable if individuals use cellphones

 

Steven Scurlock, Independent Bankers Association of Texas – On

  • IBAT is very appreciative of efforts to tackle this issue
  • Banking is a unique industry in this area, under strict regulations and monitored frequently for compliance
  • IBAT takes position that any entity collecting personally identifying information (PII) should be subject to similar protections as banks
  • Would be supportive of bill providing for this, IBAT has provided language to clarify unique position of financial institutions regarding PII

 

Sarah Matz, Computing Technology Industry Association – Against

  • CompTIA member organizations understand importance of data security, but these measures are likely to lead to significant compliance costs & stifle innovation
  • Similar to California Consumer Privacy Act (CCPA) which was poorly drafted and still under debate, urges Committee to hold off and develop bill with input from stakeholders
  • Rushed CCPA contained provisions that could threaten security & made compliance burdensome; impact is poorly understood & creates risk and uncertainty for companies in California
  • Large companies have spent $7 billion to comply with EU’s GDPR, expected to pay millions to comply with CCPA; Texas’ law is again different enough hat it would require additional compliance costs

 

John Heasley, Texas Bankers Association – For

  • Have language that is still being worked on with Rep. Capriglione and Rep. Martinez Fischer
  • Bank customers are able to opt-out of certain types of information sharing outside of financial institutions

 

Deborah Giles, Texas Technology Consortium – Against

  • Issue needs to be handled at the federal level, states are taking very different approaches
  • Not opposed to data privacy, national framework would work more efficiently
  • Beckley – Are any actions being taken on the federal level?
    • There are discussions, but no specific legislation in the House or Senate
    • Affiliates have been talking with Congressional offices, were hoping to spur experts in the state legislature to engage with federal legislators
  • Beckley – How long does the federal process take?
    • Unsure, also feel like this particular subject needs to have more input to avoid unintended consequences
  • Beckley – How long should Texas wait, it sounds like it hasn’t started on the federal level
    • Can look into this
  • Beckley – Feel like Texas can do better on this issue
    • Texas is not our worry, it is other states with differing approaches
  • Martinez Fischer – To the extent that there are data privacy experts, etc., they haven’t found their way to Rep. Capriglione’s office, certainly not a fault of his so I would encourage these individuals to contact his office quickly

 

James Hines, Texas Association of Business – Against

  • Protecting information & ensuring consumer confidence is crucial, privacy is a concern for TAB
  • There are discussion taking place at the federal level, urges state to work with Congress to develop national framework; internet has no borders and needs broad approach instead of a patchwork
  • Patterson – Asks for clarification on desire regarding internet regulation
    • Would like a national framework, would like apps downloaded in California to not see issues in other states, for instance
  • Patterson – Federal approach scares me, Texas often leads the way on this type of legislation and other states adopt what is best; Texas can likely do this better than D.C.
  • Beckley – This seems very similar to internet sales tax, Texas was one of the first states to do this & federal response is still not around; I don’t think we can wait for the federal government
    • Would concede that states can take action with regards to certain forms of in-state commerce, but dealing with privacy of consumers & TAB is concerned about differing approaches, potential confusion
  • Beckley – Do you think the federal government would act if states do? Not saying uniform approach is not better, but Texas has a problem that needs solving & we are nimbler than the federal government
    • TAB members have been involved in discussions in D.C. for some time, they are at a point were legislation could be rolled out
  • Martinez Fischer – Actions taken by Texas have often spurred others to act, Texas action could be an example for the rest of the country

 

Chris Humphreys, Anfield Group – For

  • Appointed rep to state Security Council for HB 8, has worked on many sides of the industry
  • GDPR or GDPR-lite is going to be here at the federal level eventually, HB 4390 allows Texas to take its own approach
  • Cites issues with supply chain management and long adoption process after Stuxnet; should already be doing the provisions in this bill, behind the curve on this & last thing companies should need is regulation to do this
  • Electric Utility situation is a good model, federal action is so slow that we never really address the issue
  • Consumers are becoming far more knowledgeable on what is being done with data, but needs to be onus on technology providers to protect consumers at the front end
  • Seemingly insignificant data like average cellphone charge can affect things like premiums
  • Purpose of these bills is to disclose usage and hold entities accountable, gives consumer ability to allow or not allow

 

Rep. Capriglione closes

  • Texas can and does regulate activity in the state, unlikely to get federal cooperation on an effective solution; Texas can do more in less time and state action is being watched by others
  • HB 4390 is not patterned after CCPA, have the opportunity to do something unique

 

HB 4390 left pending

 

HB 4518 (Martinez Fischer) Relating to the privacy of a consumer’s personal information collected by certain businesses.

  • Martinez Fischer – Similar to HB 4390, cannot wait for federal action to be taken on this issue
  • Texas benefits from innovation from use of data, but can put basic protections in place for consumers
  • Encouraged by those who have approached me and want to work on this

 

Steven Scurlock, Independent Bankers Association of Texas – On

  • MY hope is that these initiatives will bring players to the table in good faith to solve a real problem, whether it happens at a state or federal level
  • Banks have been victims of bad actors, bills will provide impetus for people to act

 

Sarah Matz, Computing Technology Industry Association – Against

  • Share the goal of consumer privacy and protect PII, ask that we be given opportunity to participate; have spoken with Rep. Capriglione, but not with Rep. Martinez Fischer
  • Bill is modeled exactly like CCPA, issues with process of passing CCPA are concerning & we know the bill will change
  • Texas should take the time needed to perfect the bill

 

Deborah Giles, Texas Technology Consortium – Against

  • Opposed to the bill as it is today, will be speaking with legislative offices

 

James Hines, Texas Association of Business – Against

  • We favor regulatory certainty, urging legislators to work with Congress on single national framework

 

David Foye, RELX/LexisNexis – Against

  • This bill is very close if not identical to the CCPA, California is in heavy discussions trying to fix that bill; 40 measures filed currently to fix this currently in California
  • Provisions in the bill allow a consumer to delete potentially incriminating information from certain transactions
  • California is the only state that has passed legislation on this subject, other states have decided not to go in a similar route
  • Texans have been a model on privacy laws, have data laws on student data, medical records, breach, etc.

 

John Heasley, Texas Bankers Association – For

  • Appreciate the language & look forward to continue working with Rep. Martinez Fischer

 

Rep. Martinez Fischer closes

  • Intent is to encourage conversation on solution that fits Texas, Texans want modicum of privacy concerning their data

 

HB 4518 left pending