“Texans expect their personal information to remain confidential. The Office of the Attorney General will take all necessary steps to protect consumers from identity thieves.”
– Texas Attorney General Greg Abbott
Don’t mess with Texas and you better be sure not to mess with a Texan’s nonpublic personal information. Texas Attorney General Greg Abbott has declared war on identity theft and he’s holding companies responsible. In 2007, Mr. Abbott filed no less than six lawsuits against companies for violations of the Texas Identity Theft Enforcement and Protection Act of 2005, Tex. Bus. & Com. Code Ann. §§17.41, et seq. In May 2007, Attorney General Abbott filed an enforcement action against CNG Financial Corporation, its subsidiaries, and EZPAWN for improperly dumping customer records, including promissory notes and bank statements. In April, Attorney General Abbott took legal action against CVS/pharmacy and RadioShack Corporation for exposing hundreds of customers to identity theft by failing to properly dispose of records that contained sensitive information. In March, the Attorney General filed an enforcement action against Jones Beauty College in Dallas for improperly discarding student financial aid forms containing Social Security numbers and other personal information. Also in March, Attorney General Abbott took legal action against On Track Modeling, a North Carolina-based talent agency that abruptly shut down its North Texas office and abandoned more than 60 boxes containing hundreds of confidential client records.
The Texas Identity Theft Enforcement and Protection Act.
The Identity Theft Enforcement and Protection Act (the “Identity Theft Act” or “ITEPA”), mandates that businesses have a legal duty to protect and safeguard sensitive personal information. The Identity Theft Act also requires businesses that collect or maintain sensitive personal information in the regular course of business to implement and maintain reasonable procedures and corrective measures to protect and safeguard sensitive personal information from unlawful use or disclosure. Furthermore, the Identity Theft Act includes a “Dumpster Diving” provision where companies are required to destroy customer records no longer in use by shredding, erasing or modifying the records to make the information unreadable or undecipherable.
Why is the ITEPA a big deal? Well first, the Texas Attorney General holds a press conference announcing to anyone who will listen, that a company was negligent and its customers’ may be at risk. Most importantly, however, it goes directly to a company’s bottom line. Section 48.201 of the Identity Theft Act not only allows the Attorney General to seek a permanent injunction against a company that could, in essence, shut it down. The Identity Theft Act also exposes a company to a civil penalty of at least $2,000 and up to $50,000 for each violation. Radio Shack, CVS, EZPAWN, On Track Modeling and Jones Beauty College all settled out of court and quickly. Not even the largest of companies have a checkbook big enough to compete with the Texas Attorney General’s Office.
(214) 890-0991
