CHAPTER 72. BUSINESS RECORDS
BUSINESS AND COMMERCE CODE
TITLE 5. REGULATION OF BUSINESSES AND SERVICES
SUBTITLE A. GENERAL PRACTICES
CHAPTER 72. BUSINESS RECORDS
SUBCHAPTER A. DISPOSAL OF CERTAIN BUSINESS RECORDS
Sec. 72.001. DEFINITIONS. In this subchapter:
(1) "Business record" means letters, words, sounds, or numbers,
or the equivalent of letters, words, sounds, or numbers, recorded
in the operation of a business by:
(A) handwriting;
(B) typewriting;
(C) printing;
(D) photostat;
(E) photograph;
(F) magnetic impulse;
(G) mechanical or electronic recording;
(H) digitized optical image; or
(I) another form of data compilation.
(2) "Personal identifying information" means an individual's
first name or initial and last name in combination with one or
more of the following:
(A) date of birth;
(B) social security number or other government-issued
identification number;
(C) mother's maiden name;
(D) unique biometric data, including the individual's
fingerprint, voice data, or retina or iris image;
(E) unique electronic identification number, address, or routing
code;
(F) telecommunication access device as defined by Section 32.51,
Penal Code, including debit or credit card information; or
(G) financial institution account number or any other financial
information.
(3) "Reproduction" means a counterpart of an original business
record produced by:
(A) production from the same impression or the same matrix as
the original;
(B) photography, including an enlargement or miniature;
(C) mechanical or electronic rerecording;
(D) chemical reproduction;
(E) digitized optical imaging; or
(F) another technique that accurately reproduces the original.
Added by Acts 2007, 80th Leg., R.S., Ch.
885, Sec. 2.01, eff. April 1, 2009.
Sec. 72.002. DESTRUCTION OF CERTAIN BUSINESS RECORDS. (a) A
business record required to be retained by a law of this state
may be destroyed at any time after the third anniversary of the
date the business record was created.
(b) Subsection (a) does not apply if a law or rule applicable to
the business record prescribes a different retention period or
procedure for disposal.
Added by Acts 2007, 80th Leg., R.S., Ch.
885, Sec. 2.01, eff. April 1, 2009.
Sec. 72.003. RETENTION OF REPRODUCTION OF BUSINESS RECORDS. A
law of this state that requires retention of a business record is
satisfied by retention of a reproduction of the original record.
Added by Acts 2007, 80th Leg., R.S., Ch.
885, Sec. 2.01, eff. April 1, 2009.
Sec. 72.004. DISPOSAL OF BUSINESS RECORDS CONTAINING PERSONAL
IDENTIFYING INFORMATION. (a) This section does not apply to:
(1) a financial institution as defined by 15 U.S.C. Section
6809; or
(2) a covered entity as defined by Section 601.001 or 602.001,
Insurance Code.
(b) When a business disposes of a business record that contains
personal identifying information of a customer of the business,
the business shall modify, by shredding, erasing, or other means,
the personal identifying information so as to make the
information unreadable or undecipherable.
(c) A business is considered to comply with Subsection (b) if
the business contracts with a person engaged in the business of
disposing of records for the modification of personal identifying
information on behalf of the business in accordance with that
subsection.
(d) A business that disposes of a business record without
complying with Subsection (b) is liable for a civil penalty in an
amount not to exceed $500 for each business record. The attorney
general may bring an action against the business to:
(1) recover the civil penalty;
(2) obtain any other remedy, including injunctive relief; and
(3) recover costs and reasonable attorney's fees incurred in
bringing the action.
(e) A business that in good faith modifies a business record as
required by Subsection (b) is not liable for a civil penalty
under Subsection (d) if the business record is reconstructed,
wholly or partly, through extraordinary means.
(f) Subsection (b) does not require a business to modify a
business record if:
(1) the business is required to retain the business record under
another law; or
(2) the business record is historically significant and:
(A) there is no potential for identity theft or fraud while the
business retains custody of the business record; or
(B) the business record is transferred to a professionally
managed historical repository.
Added by Acts 2007, 80th Leg., R.S., Ch.
885, Sec. 2.01, eff. April 1, 2009.
SUBCHAPTER B. DELETION OF CERTAIN RECORDS OR INFORMATION RELATING
TO CUSTOMERS' CHECKS
Sec. 72.051. REQUIRED DELETION OF CERTAIN ELECTRONIC RECORDS.
(a) In this section, "law enforcement agency" has the meaning
assigned by Article 59.01, Code of Criminal Procedure.
(b) This section applies only to a business that accepts checks
from customers in the ordinary course of business. This section
does not apply to a financial institution as defined by 31 U.S.C.
Section 5312(a)(2), as amended.
(c) A business shall delete any electronic record indicating
that a customer has issued a dishonored check or any other
information except for a checking account number or bank routing
transit number on which the business bases a refusal to accept a
check from a customer. The record must be deleted not later than
the 30th day after the date:
(1) the customer and the business agree that the information
contained in the electronic record is incorrect; or
(2) the customer presents to the business:
(A) a copy of a report filed by the customer with a law
enforcement agency stating that the dishonored check was
unauthorized; and
(B) a written statement of the customer indicating that the
dishonored check was unauthorized.
(d) A business that violates Subsection (c) is liable to this
state for a civil penalty in an amount not to exceed $1,000. The
attorney general may:
(1) bring an action to recover the civil penalty; and
(2) recover reasonable expenses incurred in recovering the
penalty, including court costs, reasonable attorney's fees,
investigative costs, witness fees, and deposition expenses.
Added by Acts 2007, 80th Leg., R.S., Ch.
885, Sec. 2.01, eff. April 1, 2009.