Legal Services

	"A member of my staff accidentlly sent an email that contained someone's sensitive personal information to the wrong person. What are the notification requirements if this incident affected only one person?"

What are the notification requirements when an individual's sensitive personal information is exposed?

Local Government Code §205.010 provides that any local government that owns, licenses or maintains computerized data that includes sensitive personal information shall comply with §521.053, Business and Commerce Code. Under this section, disclosure must be made to any individual whose sensitive personal information was acquired by an unauthorized person. Disclosure should be made as soon as possible, but not later than the 60th day after the date on which the breach was determined to have occurred. Notification may be provided by (1) written notice at the last known address of the individual; or (2) by electronic notice, if the notice is provided in accordance with 15 U.S.C. Section 7001.