Controller Duties; Transparency
Reference only: This requirement is not currently tested by the Privisy scanner. It is included for reference. Consult a qualified attorney to assess your compliance posture.
What it requires
Sets out controller duties: data minimization limited to what is adequate, relevant, and reasonably necessary for the disclosed purposes (subsection (a)(1)) and reasonable administrative, technical, and physical data security (subsection (a)(2)). Subsection (b) prohibits processing data for incompatible purposes without consent, unlawful discrimination against consumers, and processing a consumer's sensitive data without consent (or, for a known child, other than in accordance with COPPA). The privacy-notice content requirements are set out separately in § 541.102.
Legal text (excerpt)
(a) "A controller: (1) shall limit the collection of personal data to what is adequate, relevant, and reasonably necessary in relation to the purposes for which that personal data is processed, as disclosed to the consumer; and (2) ... shall establish, implement, and maintain reasonable administrative, technical, and physical data security practices ...." (b) "A controller shall not: ... (4) process the sensitive data of a consumer without obtaining the consumer's consent ...."
Primary source
Texas Office of the Attorney General: § 541.101: Controller Duties; Transparency ↗Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change: verify against the authoritative source and consult a licensed attorney for compliance guidance.