The Texas Data Privacy and Security Act, enacted in 2023 and effective July 1, 2024. It gives Texas residents the right to know what personal data businesses hold about them, the right to correct inaccurate data, the right to delete, the right to opt out of targeted advertising and sale of personal data, and the right to data portability. It is enforced by the Texas Attorney General's office under Tex. Bus. & Com. Code Chapter 541.

Texas privacy rights for data broker removal

In short

Texas residents got real privacy rights in July 2024 when the Texas Data Privacy and Security Act (TDPSA) took effect. Strong on paper, enforcement is just ramping up.
The Texas Attorney General set up a dedicated privacy and consumer-protection team and brought the state's first TDPSA enforcement action in 2025 — outside California, few states' attorneys general have moved this far.
You can demand deletion, opt out of targeted ads and data sale, and force corrections. No private right of action: enforcement runs through the AG only, so complaints go to texasattorneygeneral.gov.

6 min read Last reviewed May 2026 Free scan available

The Texas Data Privacy and Security Act, at a glance

Texas Data Privacy and Security Act (TDPSA)

Tex. Bus. & Com. Code Chapter 541 · Effective July 1, 2024

Texas's comprehensive consumer privacy law. Modeled in structure on Virginia's VCDPA and Colorado's CPA, but with Texas-specific tweaks — notably a broader applicability test that catches more out-of-state data brokers, and a 30-day right-to-cure period for first offenses that the AG can choose to enforce.

What you can demand of any TDPSA-covered business

Texas residents have these rights under Chapter 541:

Right to access. Know whether a business processes your personal data and obtain a copy of it. (§541.051)
Right to correct. Inaccurate personal data the business holds about you. (§541.051)
Right to delete. Personal data the business has collected about you, with limited exceptions. (§541.051)
Right to data portability. Obtain your data in a readily usable format you can transfer to another service. (§541.051)
Right to opt out. Of (1) targeted advertising, (2) sale of personal data, and (3) profiling for decisions that produce legal or similarly significant effects. (§541.052)

Texas added one Texas-specific touch: the right to opt out of profiling is broader than in many state laws, covering credit, housing, insurance, education, and employment decisions made or augmented by automated systems.

Response timeline is fixed: businesses must respond within 45 calendar days, extendable once by 45 days with notice. (§541.053) If the business denies your request, it must explain why and inform you of your right to appeal within 60 days.

How TDPSA applies to data brokers

TDPSA applies to any business that either conducts business in Texas or produces products or services targeted at Texas residents, AND processes Texas-resident personal data above the statutory threshold (the threshold is set such that most national-scale data brokers are captured).

Important: the law explicitly applies to "small businesses" too — one of the few state privacy laws without a "must be a large business" carve-out. The small-business provision is narrower (focused on opt-out of sale of sensitive personal data) but it means even smaller brokers can't escape TDPSA by being below a revenue threshold.

Practical takeaway: if a data broker holds any data about you and operates in the US at all, assume TDPSA applies. Filing a TDPSA request against any major broker is on solid legal ground.

The Texas AG just started enforcing. Brokers that ignored TDPSA quietly in 2024 are getting nervous in 2026. Delist files your requests with the right citation.

Run my free exposure scan →

How to file a TDPSA request

TDPSA does not (yet) have a centralized one-stop mechanism like California's DROP. You file individually with each business.

Find the business's privacy contact. TDPSA-covered businesses must publish a privacy notice with deletion/opt-out instructions. Look in the website footer for "Privacy Policy" or "Your Privacy Choices." The Texas-specific page may be at /texas-privacy or /tdpsa-request.
Submit your request. Web form is usually fastest. If the business has no form, send by email or postal mail. Our CCPA letter generator produces text that works for TDPSA too — just swap the citation to "Texas Business & Commerce Code Chapter 541" in the body.
Verify identity. The business must take reasonable steps to verify it's actually you. Expect to provide name, address, and (for sensitive requests) identity verification.
Wait the 45 days. The business must respond within 45 days. Most respond within 2 weeks; the 45-day window exists for complex cases.
If denied, appeal within 60 days. The business must offer an internal appeal mechanism. After exhausting that, file with the Texas AG.

How to file a TDPSA complaint with the Texas AG

If a business ignores your TDPSA request or denies it improperly:

Go to texasattorneygeneral.gov and find the consumer-protection complaint form.
Include the business name, the date you filed, what you requested, and the business's response (or lack of).
Attach documentation — confirmation emails, denial letters, screenshots.
The AG investigates. After an initial cure-period notice (where applicable), enforcement can include civil penalties up to $7,500 per violation.

The Texas AG initiated the state's first TDPSA enforcement action in 2025. The signal to the industry is clear: TDPSA isn't a paper tiger. Compliance has been ramping accordingly.

The 30-day cure period — and its limits

For some TDPSA violations, the AG must give the business 30 days to "cure" the violation before assessing penalties. The cure period applies broadly in the law's early years but sunsets for some categories of violation as the statute matures.

What this means for you as a consumer: a first-time TDPSA violation by a small broker may get a warning before a fine. A repeat violation, or a violation by a sophisticated business that should have known better, can result in immediate penalty assessment. Either way, your complaint is the trigger that starts the AG's clock.

How Delist handles TDPSA

Delist files TDPSA-compliant deletion requests against every broker the scan identifies. For Texas residents specifically:

Each request cites Tex. Bus. & Com. Code Chapter 541 — the right citation matters for getting fast compliance from automated broker systems.
We track the 45-day response window and escalate to the Texas AG when brokers miss it, with documentation ready.
We monitor re-listings and re-file as new data appears in broker databases.

You can do all of this yourself for free. TDPSA gives you the rights; we just operate them at scale for people who'd rather not.

Frequently asked questions

What is the TDPSA?

The Texas Data Privacy and Security Act, enacted in 2023 and effective July 1, 2024. It gives Texas residents the right to know what personal data businesses hold, the right to correct, delete, opt out of targeted advertising and sale, and obtain data portability. Enforced by the Texas Attorney General under Tex. Bus. & Com. Code Chapter 541.

Who enforces the TDPSA?

The Texas Attorney General has exclusive enforcement authority. There is no private right of action — individuals cannot sue businesses directly under TDPSA. Complaints go to the AG's consumer-protection division. The AG initiated the state's first TDPSA enforcement action in 2025.

How long does a business have to respond to my TDPSA request?

45 calendar days. The business can request a 45-day extension if reasonably necessary, with notice to you. If the business denies your request, it must provide reasons and inform you of your right to appeal the denial within 60 days.

Does TDPSA apply to data brokers specifically?

Yes, when the broker meets the TDPSA's applicability threshold. The statute applies to businesses that conduct business in Texas or produce products/services targeted to Texas residents AND process personal data of Texas consumers above certain thresholds. Most national data brokers meet the threshold and must honor TDPSA requests from Texas residents.

How do I file a TDPSA complaint?

File with the Texas Attorney General's consumer-protection division at texasattorneygeneral.gov. The AG investigates complaints and can issue civil penalties up to $7,500 per violation. Businesses generally get a 30-day cure period before fines, though that provision sunsets in some scenarios.