Can I use third-party file sharing tools that collect personal information in Texas? What are the requirements?

Third-Party File Sharing Tools and Personal Information in Texas

Third-party file sharing tools that collect personal information in Texas are subject to certain requirements.

According to Tex. Transp. Code § 730.007, personal information obtained by an agency in connection with a motor vehicle record may be disclosed to any requestor by an agency if the requestor provides their name and address and any proof of that information required by the agency, and represents that the use of the personal information will be strictly limited to certain purposes. These purposes include use by a government agency, including any court or law enforcement agency, in carrying out its functions; use in connection with a matter of motor vehicle or motor vehicle operator safety; use in connection with a civil, criminal, administrative, or arbitral proceeding in any court or government agency or before any self-regulatory body; and use by an insurer, insurance support organization, or self-insured entity, or an authorized agent of an insurer, insurance support organization, or self-insured entity, in connection with claims processing or investigation activities, antifraud activities, rating, or underwriting.

However, third-party file sharing tools are not considered government agencies and are not authorized to collect personal information for the purposes listed in Tex. Transp. Code § 730.007. Therefore, if a third-party file sharing tool collects personal information in Texas, it must comply with the requirements of the Texas Privacy Protection Act (TPPA) and the Texas Identity Theft Enforcement and Protection Act (TITEPA).

Under the TPPA, a business that collects personal information must provide notice to individuals about the types of personal information collected, the purposes for which the information is collected, and the categories of third parties with whom the information may be shared. The business must also provide individuals with the opportunity to opt-out of the collection, use, or disclosure of their personal information.

Under the TITEPA, a business that owns or licenses personal information about a Texas resident must implement and maintain reasonable procedures to protect the information from unauthorized access, destruction, use, modification, or disclosure. If a breach of personal information occurs, the business must provide notice to affected individuals and the Texas Attorney General.

In addition to the above requirements, third-party file sharing tools must also comply with other regulations related to the collection and disclosure of personal information in Texas. For example, Tex. Transp. Code § 521.052 prohibits the disclosure of individual information from the department’s files that relates to personal information, as that term is defined by Section 730.003, except as provided by certain sections of the code. Furthermore, 37 TXAC 15.149 requires any recipient of driver record information to delete from its records any personal information obtained from the department if the requestor becomes aware that it is not an authorized recipient of that information in accordance with Chapter 730 of the Texas Transportation Code.

In summary, third-party file sharing tools that collect personal information in Texas must comply with the requirements of the TPPA and the TITEPA. They must provide notice to individuals about the collection and use of their personal information, provide individuals with the opportunity to opt-out of the collection, use, or disclosure of their personal information, and implement and maintain reasonable procedures to protect the information from unauthorized access, destruction, use, modification, or disclosure. They must also comply with other regulations related to the collection and disclosure of personal information in Texas, such as Tex. Transp. Code § 521.052 and 37 TXAC 15.149.

Jurisdiction

Texas

• Privacy