On November 6, 2025, Texas reached a settlement regarding Senate Bill 140 (SB 140), which set forth amendments to the “state’s mini-TCPA” (Chapters 301-305 of the state’s Business and Commerce Code). In a joint motion to dismiss, the state clarified that businesses who only send marketing texts to users who have opted in need not
Texas Mini-TCPA Gets a Makeover: What Businesses Need to Know
By Roma Patel on
Posted in Data Privacy, Telephone Consumer Protection Act
The Telephone Consumer Protection Act of 1991 (TCPA) is a federal law designed to protect consumers from unwanted telemarketing and intrusive solicitation practices. Many states have also enacted similar state laws governing telephone solicitations, so called “mini-TCPAs.” One such state is Texas, which has had a mini-TCPA in place since 2009.
The Texas mini-TCPA applies…
Supreme Court Upholds Texas Age-Verification Law, Raising LGBTQ+ Privacy Concerns
By Guest Contributor on
Posted in Data Privacy
This post was authored by William Ollayos, Summer Associate. William is not admitted to practice law.
On June 27, 2025, the U.S. Supreme Court upheld a Texas law requiring pornography websites to verify users’ ages through government-issued ID. The 6–3 decision in Free Speech Coalition v. Paxton marks a significant shift in First Amendment jurisprudence…
Texas AI Governance Law Signed by Governor
By Linn Foster Freedman on
Posted in Artificial Intelligence
On June 22, 2025, Texas Governor Greg Abbott signed the Texas Responsible AI Governance Act (TRAIGA) into law. Despite the ongoing debate in the U.S. Senate over the provision in the reconciliation bill that declares a moratorium on the ability of states to legislate artificial intelligence (AI), the signing of HB 149 is a…
Why Dumping Sensitive Data on Network Shares is a Liability
By Kathryn Rattigan & Jim Merrifield on
Posted in Information Governance
Are you storing sensitive data on a shared network drive? If so, your organization could be at serious risk of a data breach or privacy lawsuit. Shared drives, like the common “S:\ drive,” are often used to store documents, spreadsheets, customer information, financial records, and even scanned IDs. But here’s the problem: these network shares…
Texas AG Investigates DeepSeek + List of Banned Countries Expands
By Linn Foster Freedman on
Posted in Artificial Intelligence
Texas Attorney General Ken Paxton announced on February 14, 2024, that his office has opened an investigation into DeepSeek’s privacy practices. DeepSeek, an artificial intelligence company with ties to the People’s Republic of China, has been banned on state owned devices in Texas, New York, and Virginia. The Pentagon, NASA, and the U.S. Navy…
Three States Ban DeepSeek Use on State Devices and Networks
By Linn Foster Freedman on
Posted in Artificial Intelligence
New York, Texas, and Virginia are the first states to ban DeepSeek, the Chinese-owned generative artificial intelligence (AI) application, on state-owned devices and networks.
Texas was first to tackle the problem when it banned state employees from using both DeepSeek and RedNote on January 31, 2025. The Texas ban includes other apps affiliated with the…
Privacy Tip #428 – Getting Text Messages From E-ZPass or Toll Road Operators? They’re Scams Coming from China
By Linn Foster Freedman on
Posted in Privacy Tips
This week, I received a fake text message (a smish) saying my E-ZPass account was overdue and that I urgently needed to pay it. That’s a new one and, apparently, quite effective. Luckily, I knew it was a scam, but others were victimized.
According to the website Krebs on Security, security researchers “say the…
Increased Privacy Enforcement Actions Anticipated Under Texas Privacy Law
By Kathryn Rattigan on
Posted in Data Privacy
While California was the first state to implement a comprehensive consumer privacy rights law and the first to bring an enforcement action for violations, Texas is quickly becoming the next privacy regulator to watch. The Texas Privacy and Data Security Act (TPDSA) became effective in July 2024, and the Texas Securing Children Online through Parental…
Precious-Metal Refiner Hit with Data Breach Class Action over 2023 Cyber-Attack
By Kathryn Rattigan on
Elemetal LLC faces a data breach class action resulting from its alleged failure to implement appropriate security measures, which led to a 2023 breach of approximately 13,000 customers’ personal information. Elemetal is a precious-metal refiner based in Texas, operating in more than 45 locations in the U.S.
The subject breach occurred between August 22 and…