On June 14, 2013, Texas Governor Rick Perry signed S.B. 1610 amending Texas’ data breach notification law to
- remove language limiting the application of the data breach notification requirement to Texas residents and residents of states that do not require notification,
- permit, for residents of states other than Texas that require notification of a breach, notice to be provided to such individuals under the states’ law or under Texas law, and
- clarify that written notice of a security breach must be provided to the last known address of the individual.
These changes, effective when signed by the Governor, were intended to address concerns that the prior version of the law "unintentionally require[d] any person who handles personal health information to be aware of the breach notification laws of every state and any potential changes to them, which creates a substantial and unnecessary administrative burden on professionals who handle personal health information." Of course, if a breach experienced by a Texas company affects Texas residents, as well as residents of states which also have breach notification laws, that company still needs to review and comply with the laws in those other states, if applicable.