Safe Harbor and State of Texas Breach Notification Laws

By | November 19, 2016
Safe Harbor

The Concept of Safe Harbor

The concept of “Safe Harbor” refers to specific actions, example; encryption of private data, that an individual or an organization can take to show a good-faith effort in complying with the law. This good-faith effort provides a person or organization “Safe Harbor” against prosecution under the law (Grama, 2015, pg.253).

The State of Texas Statute 521.002 states that when a an individual’s first name or first initial and last name are combined with other private information, example, Social Security Number, that the information must be encrypted. The State of Texas Bus. & Com. Code 521.002, 521.053; Ed. Code 37.007(b)(5), and Pen. Code 33.02 all have provisions for personal private data protection, but none of these set a specific encryption standard. According to this law as long as an organization encrypts personal private information as the law specifies, theft of encrypted information would not require a breach notification which fulfills the principle of Safe Harbor (State of Texas Statutes 521.053, 2009).

Further research into Texas information system requirements revealed that encryption standards for state agencies are controlled by the agencies themselves. Texas Administrative Code 202.1 was the only law found addressing encryption at a state level for all other agencies and it also did not provide an encryption standard. Note: this law was repealed March of 2015 and no other laws were found (Texas Administrative Code 202.1, n.d.).


Grama, J. L. (2015). Legal issues in information security (2nd ed.). Boston, MA: Jones & Bartlett Learning.

State of Texas Statutes 521.053. (2009, April 01). Business and Commerce Code Title 11. Personal Identity Information Subtitle B. Identity Theft Chapter 521. Unauthorized Use of Identifying Information Subchapter A. General Provisions. Retrieved June 2, 2016, from

Texas Administrative Code 202.1. (n.d.). Texas Administrative Code Title 1. Part 10. Chapter 202. Sub Chapter A. Rule 202.1. Retrieved June 2, 2016, from$ext.TacPage?sl=R&app=2&p_dir=&p_rloc=142456&p_tloc=&p_ploc=&pg=1&p_tac=142456&ti=1&pt=10&ch=202&rl=1&dt=&z_chk=&z_contains=



Leave a Reply

Your email address will not be published. Required fields are marked *