972-487-6800 webinfo@erecycler.net

Texas Commercial Code Chapter 521 Data Destruction

This applies to every business in Texas, even Non Profits

Texas Commercial Code Chapter 521 Data Destruction For All Texas Businesses

The Texas state commercial code says that all businesses, even non profits (except financial institutions, who have their own laws) must destroy all data containing devices that contain any two pieces of the defined identifying information. The information below is taken from the State of Texas website.

Erecycler knows the Texas State Commercial Code and can help get your company into compliance, contact us today.

BUSINESS AND COMMERCE CODE

TITLE 11. PERSONAL IDENTITY INFORMATION

SUBTITLE B. IDENTITY THEFT

CHAPTER 521. UNAUTHORIZED USE OF IDENTIFYING INFORMATION

SUBCHAPTER A. GENERAL PROVISIONS

Sec. 521.001. SHORT TITLE. This chapter may be cited as the Identity Theft Enforcement and Protection Act.

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009.

Sec. 521.002. DEFINITIONS. (a) In this chapter:
(1) “Personal identifying information” means information that alone or in conjunction with other information identifies an individual, including an individual’s:
(A) name, social security number, date of birth, or government-issued identification number;
(B) mother’s maiden name;
(C) unique biometric data, including the individual’s fingerprint, voice print, and retina or iris image;
(D) unique electronic identification number, address, or routing code; and
(E) telecommunication access device as defined by Section 32.51, Penal Code.
(3) “Victim” means a person whose identifying information is used by an unauthorized person.
(2) “Sensitive personal information” means, subject to Subsection (b):
(A) an individual’s first name or first initial and last name in combination with any one or more of the following items, if the name and the items are not encrypted:
(i) social security number;
(ii) driver’s license number or government-issued identification number; or
(iii) account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account; or
(B) information that identifies an individual and relates to:
(i) the physical or mental health or condition of the individual;
(ii) the provision of health care to the individual; or
(iii) payment for the provision of health care to the individual.
(b) For purposes of this chapter, the term “sensitive personal information” does not include publicly available information that is lawfully made available to the public from the federal government or a state or local government.

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009.
Amended by:
Acts 2009, 81st Leg., R.S., Ch. 419 (H.B. 2004), Sec. 1, eff. September 1, 2009.

SUBCHAPTER B. IDENTITY THEFT

Sec. 521.051. UNAUTHORIZED USE OR POSSESSION OF PERSONAL IDENTIFYING INFORMATION. (a) A person may not obtain, possess, transfer, or use personal identifying information of another person without the other person’s consent and with intent to obtain a good, a service, insurance, an extension of credit, or any other thing of value in the other person’s name.
(b) It is a defense to an action brought under this section that an act by a person:
(1) is covered by the Fair Credit Reporting Act (15 U.S.C. Section 1681 et seq.); and
(2) is in compliance with that Act and regulations adopted under that Act.
(c) This section does not apply to:
(1) a financial institution as defined by 15 U.S.C. Section 6809; or
(2) a covered entity as defined by Section 601.001 or 602.001, Insurance Code.

Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009.

Sec. 521.052. BUSINESS DUTY TO PROTECT SENSITIVE PERSONAL INFORMATION. (a) A business shall implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect from unlawful use or disclosure any sensitive personal information collected or maintained by the business in the regular course of business. (b) A business shall destroy or arrange for the destruction of customer records containing sensitive personal information within the business’s custody or control that are not to be retained by the business by: (1) shredding; (2) erasing; or (3) otherwise modifying the sensitive personal information in the records to make the information unreadable or indecipherable through any means. (c) This section does not apply to a financial institution as defined by 15 U.S.C. Section 6809. (d) As used in this section, “business” includes a nonprofit athletic or sports association.
Added by Acts 2007, 80th Leg., R.S., Ch. 885 (H.B. 2278), Sec. 2.01, eff. April 1, 2009.
Amended by:
Acts 2009, 81st Leg., R.S., Ch. 419 (H.B. 2004), Sec. 2, eff. September 1, 2009.

In Your Office Data Destruction

We will come to your location with our portable equipment and destroy your hard drives and record your serial numbers. Documentation and certificates of destruction are included. We can also degauss your back up tapes onsite and pick up your computers for recycling while we are there.
Get A Quote

Erecycler's 100hp Shredder

Our in House Shredder

In our Dallas facility we have enormous shredder capable of shredding approximately 2000 hard drives per hour; with the end result being many twisted and mangled bits of scrap metal that will be further recycled. Information destroyed in this way is absolutely unrecoverable. We offer this particular service for clientele in need of high volume destruction.Get a Quote

erecycler keeps your data safe

Is Your Data Safe ?

We offer flexible data security plans. All of our data security plans meet or exceed the standards of Nist, Hippa, Facta, Dod and Nsa for data destruction. All destruction plans include the use of our private client portal to track your data destruction and certificates. 
Get A Quote