Can I collect personal information from my customers in California in Texas? What are the requirements?

Based on the provided documents, there are several regulations that govern the collection of personal information in Texas and California.

Texas Regulations

In Texas, the collection of personal information is governed by several regulations, including:

• Business Duty to Protect Sensitive Personal Information ^[2.1]: A business shall implement and maintain reasonable procedures to protect from unlawful use or disclosure any sensitive personal information collected or maintained by the business in the regular course of business. A business shall destroy or arrange for the destruction of customer records containing sensitive personal information within the business’s custody or control that are not to be retained by the business.
• Ineligibility to Receive Personal Information ^[1.1]: This regulation prohibits a person or entity from entering into a subsequent agreement with the department to obtain driver record information if they have violated a clause or term of a previous agreement with the department.
• Limits on Redisclosure and Reuse of Nonpublic Personal Financial Information ^[3.1]: This regulation limits the disclosure and use of nonpublic personal financial information by covered entities that receive such information from nonaffiliated financial institutions.
• Unauthorized Use or Possession of Personal Identifying Information ^[2.3]: This regulation prohibits a person from obtaining, possessing, transferring, or using personal identifying information of another person without their consent or effective consent and with intent to obtain a good, a service, insurance, an extension of credit, or any other thing of value in the other person’s name.
• Notification to Check Verification Entities That Customer Is Victim of Identity Theft ^[2.4]: This regulation requires financial institutions to submit certain information to an electronic notification system if a customer notifies the financial institution that they were a victim of identity theft.

California Regulations

In California, the collection of personal information is governed by the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These regulations require businesses to provide certain disclosures to consumers regarding the collection, use, and sharing of their personal information, as well as provide consumers with certain rights regarding their personal information.

Therefore, if you are collecting personal information from customers in California and Texas, you must comply with both Texas and California regulations. It is recommended that you consult with a legal professional to ensure compliance with both regulations.

Source(s):

• [1.1] Ineligibility to Receive Personal Information
• [2.1] BUSINESS DUTY TO PROTECT SENSITIVE PERSONAL INFORMATION.
• [3.1] Limits on Redisclosure and Reuse of Nonpublic Personal Financial Information
• [2.3] UNAUTHORIZED USE OR POSSESSION OF PERSONAL IDENTIFYING INFORMATION.
• [2.4] NOTIFICATION TO CHECK VERIFICATION ENTITIES THAT CUSTOMER IS VICTIM OF IDENTITY THEFT.

Jurisdiction

California, Texas

• Privacy