Texting in Texas: The State Expands Telemarketing Registration Requirements to Include Text Marketers
Texas has amended its telephone solicitation and telemarketing law (the Texas “mini-TCPA” — after the federal Telephone Consumer Protection Act) to require certain businesses that engage in text marketing to register with the Texas Secretary of State and make detailed disclosures, pay registration fees, and post a $10,000 security deposit. The amendments, which were enacted by Senate Bill 140 and went into effect on September 1, 2025, also make certain violations of the Texas mini-TCPA de facto violations of the state’s deceptive trade practices law, which includes a private right of action and can carry significant penalties. While the law includes several provisions that will likely exempt established businesses that obtain one-to-one opt-in consent for text marketing messages and other types of calls, in light of the substantial fines and private right of action, businesses will want to carefully review the application of these new amendments to their marketing programs.
Now You See Them, Now You Don’t: Regulatory Risks of Ephemeral Messages
Corporate use of ephemeral messaging applications (communications that disappear after a set time) has become increasingly common across the globe in recent years, with companies recognizing its value in decreasing data storage costs and providing employees a convenient method for communicating quickly with customers and clients. However, the prevalence of these messaging applications in the corporate context has caused regulators to grow concerned about how encrypted and ephemeral messaging might affect regulatory obligations related to data preservation, employee monitoring, and compliance.
FCC Proposes Updated Data Breach Reporting Requirements, Comment Period Ongoing
On January 6, 2023, the Federal Communications Commission (the Commission) released a unanimously adopted Notice of Proposed Rulemaking, “In the Matter of Data Breach Reporting Requirements” (Proposed Rule). The Commission sought comments through February 22, 2023 on the Proposed Rule which will update its current data breach reporting rule. Reply comments are due on or before March 24, 2023.
