Document Traps

Section 35.48 of the Business and Commerce Code was amended so that businesses that store personal information on consumers are required to "modify" the information so as to make it "unreadable" when they dispose of the information. If they don't there is a penalty.
   Here are the subsections that were added:

(d) When a business disposes of a business record that contains personal identifying information of a customer of the business, the business shall modify, by shredding, erasing, or other means, the personal identifying information to make it unreadable or undecipherable.
(e) A business is considered to comply with Subsection (d) if the business contracts with a person engaged in the business of disposing of records for the modification of personal identifying information on behalf of the business in accordance with Subsection (d).
(f) A business that does not dispose of a business record of a customer in the manner required by Subsection (d) is liable for a civil penalty of up to $500 for each record. The attorney general may bring an action against the business to:
(1) recover the civil penalty; (2) obtain any other remedy, including injunctive relief; and (3) recover costs and reasonable attorney's fees incurred in bringing the action.
(g) A business that modifies a record as required by Subsection (d) in good faith is not liable for a civil penalty under Subsection (f) if the record is reconstructed, in whole or in part, through extraordinary means.

Section 35.58 deals with the necessity for the confidentiality of social security numbers. Section 35.581 requires a written policy on privacy if you require social security numbers from your clients.