§ 541.002StatuteReference only

Applicability of Chapter

Effective July 1, 2024Reviewed July 2026

Reference only: This requirement is not currently tested by the Privisy scanner. It is included for reference. Consult a qualified attorney to assess your compliance posture.

What it requires

Applies only to a person that conducts business in Texas (or produces a product or service consumed by Texas residents) and that processes or engages in the sale of personal data. Uniquely among state privacy laws, the TDPSA has no numeric consumer-count threshold; instead it excludes small businesses as defined by the United States Small Business Administration — though § 541.107 still bars even an exempt small business from selling sensitive data without the consumer's consent.

Legal text (excerpt)

This chapter applies only to a person that: (1) conducts business in this state or produces a product or service consumed by residents of this state; (2) processes or engages in the sale of personal data; and (3) is not a small business as defined by the United States Small Business Administration, except to the extent that Section 541.107 applies to a person described by this subdivision.

Texas Data Privacy and Security Act: § 541.002, Statute, effective 2024

Primary source

Texas Office of the Attorney General: § 541.002: Applicability of Chapter

Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change: verify against the authoritative source and consult a licensed attorney for compliance guidance.

Stop Guessing. Start Knowing.

Find out exactly where your website stands before a regulator does.

Get My Compliance Audit