BILL ANALYSIS

C.S.H.B. 5081

By: Leach

Judiciary & Civil Jurisprudence

Committee Report (Substituted)

BACKGROUND AND PURPOSE

The bill author has informed the committee that with the current deluge of uninhibited data on the Internet, the nonconsensual sharing of personal identifying information can pose a security risk for judicial branch officers and court support staff, including through the collection and distribution of judicial personal identifying information by entities or groups that sell personal identifying information to interested parties, commonly referred to as "data brokers." The bill author has further informed the committee that in response to increased threats aimed at the federal judiciary, the 117th Congress passed and President Biden signed into law the Daniel Anderl Judicial Security and Privacy Act of 2022, which in part regulates the distribution of federal judge personal identifying information by data brokers. There is currently no equivalent in Texas statute to limit the flow of the personal identifying information of state judicial branch officers and court support personnel or to remove this information from public websites.

C.S.H.B. 5081 seeks to address this gap by preventing the personal identifying information of state judicial branch officers and court support personnel from being sold, licensed, traded, transferred, or purchased by data brokers. The bill additionally extends these protections to the family members of these individuals and provides a framework for removing sensitive information.

CRIMINAL JUSTICE IMPACT

It is the committee's opinion that this bill expressly does one or more of the following: creates a criminal offense, increases the punishment for an existing criminal offense or category of offenses, or changes the eligibility of a person for community supervision, parole, or mandatory supervision.

RULEMAKING AUTHORITY

It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.

ANALYSIS

C.S.H.B. 5081 amends the Government Code to prohibit a data broker from knowingly selling, licensing, trading for consideration, transferring, or purchasing covered information, as later defined, of an at-risk individual or an immediate family member related to an at-risk individual within the first degree by consanguinity or affinity, as described by statutory provisions relating to relationships by consanguinity or by affinity, including a foster child, ward, legal dependent, or individual residing in the same household. The bill defines "at-risk individual" as any of the following:

·a judge, defined by statutory provisions governing the State Commission on Judicial Conduct as a justice, judge, master, magistrate, or retired or former judge as described by Section 1-a, Article V, Texas Constitution, or other person who performs the functions of the justice, judge, master, magistrate, or retired or former judge;

·a court clerk, defined by the bill as the clerk of the supreme court, the court of criminal appeals, a court of appeals, a district court, a county court, a statutory county court, a statutory probate court, a justice court, or a municipal court; and

·an employee of the following:

othe supreme court, the court of criminal appeals, an appellate court, a district court, a division of the business court, a county court, a constitutional county court, a statutory county court, a statutory probate court, a justice court, or a municipal court;

oan applicable court clerk;

othe Office of Court Administration (OCA); or

oanother agency in the judicial branch of state government.

The bill prohibits a person from publicly posting or displaying on a publicly accessible website covered information of an at-risk individual or an immediate family member of the individual if the at-risk individual, or OCA, acting on the individual's behalf, submits a written request to that person not to disclose or acquire the covered information that is the subject of the request. The bill excepts the following from this prohibition:

·covered information of an at-risk individual or an immediate family member of the individual displayed on a publicly accessible website if the information is relevant to and displayed as part of a news story, commentary, editorial, or other speech on a matter of public concern;

·covered information that an at-risk individual voluntarily posts on the Internet; or

·covered information received from a governmental entity or an employee or agent of a governmental entity.

C.S.H.B. 5081 requires a person, including a data broker, after receiving such a request, to do the following not later than 72 hours after receipt of the request:

·remove from the website the covered information identified in the request;

·ensure the information is not made available on any other publicly accessible website or subsidiary website the person controls; and

·identify any other instances of the information that should be removed.

The bill additionally requires such a person to assist the sender in locating the covered information that may be posted on any publicly accessible website or subsidiary website controlled by the person. These provisions apply only to covered information available on a publicly accessible website on or after the bill's effective date, regardless of the date on which the information was originally posted.

C.S.H.B. 5081 requires the judicial security division of OCA to develop a process by which a judge can file a written request with the director of OCA to notify a data broker or other person, on the judge's behalf, of a written request submitted by the judge to remove covered information posted or displayed by the person on a publicly accessible website. The bill authorizes OCA to develop or procure a statewide technology system to automate this process. OCA is required to implement the process only if the legislature appropriates money specifically for that purpose. If the legislature does not do so, OCA may, but is not required to, implement the process using other appropriations available for that purpose.

C.S.H.B. 5081 prohibits a person, after receiving a written request not to disclose or acquire covered information, from transferring the covered information to any other person through any medium, except under the following circumstances:

·the transfer of the covered information that is relevant to and displayed as part of a news story, commentary, editorial, or other speech on a matter of public concern;

·covered information the at-risk individual or the immediate family member of the individual voluntarily posts on the Internet; or

·a transfer of the covered information at the request of the at-risk individual or as necessary to produce a request to the person from the at-risk individual.

C.S.H.B. 5081 authorizes an at-risk individual or the individual's designee to bring an action in a court seeking injunctive or declaratory relief if the covered information of an at-risk individual or an immediate family member of the individual is made public as a result of a violation of the bill's provisions. If the plaintiff prevails in such an action, the court, in addition to issuing an order for injunctive or declaratory relief, may do the following:

·impose a fine of $500 for each day the covered information remains public after the date on which the order for injunctive or declaratory relief is issued; and

·if the defendant is not a state agency, award to the at-risk individual, or the individual's immediate family, exemplary damages, court costs, and reasonable attorney's fees.

C.S.H.B. 5081 creates an offense for a person who intentionally posts covered information of an at-risk individual or an immediate family member of the individual on a publicly accessible website without first obtaining the consent of the individual whose information was posted and when the following conditions are met:

·the information is posted with intent to cause or threaten to cause harm to or harassment of an at-risk individual or a member of the individual's immediate family; and

·under the circumstances, harm to or harassment of the at-risk individual or immediate family member is a probable consequence of the posting of the information.

The bill establishes that, for these purposes, it is prima facie evidence of the intent to cause or threaten to cause harm to or harassment of an at-risk individual or a member of the individual's immediate family if the person receives a written request not to disclose the covered information for safety reasons and does either of the following:

·fails to remove the covered information from the website not later than 48 hours after receiving the request; or

·before the fourth anniversary of the date the business receives the request, the person reposts the covered information on the same website or another publicly accessible website or makes the information publicly available through another medium.

The bill establishes that such an offense is a Class B misdemeanor, except that the offense is a Class A misdemeanor if the offense results in the bodily injury of the at-risk individual whose covered information was posted on the website or of an immediate family member of the individual. These bill provisions apply only to an offense committed on or after the bill's effective date. For these purposes, an offense is committed before the bill's effective date if any element of the offense occurs before that date.

C.S.H.B. 5081 defines the following terms for purposes of the bill's provisions:

·"covered information" as any of the following, but not including information regarding employment with a state agency:

oa home address, including primary and secondary residences;

oa home or personal telephone number, including a mobile telephone number;

oan email address;

oa social security number or driver's license number;

obank account, credit card, or debit card information;

oa license plate number or other unique identifier of a vehicle owned, leased, or regularly used;

othe identity of a child younger than 18 years of age;

oa person's date of birth;

oinformation regarding current or future school or day care attendance, including the name or address of the school or day care, schedules of attendance, or routes taken to or from the school or day care;

oemployment information, including the name or address of the employer, employment schedules, or routes taken to or from the employer's location; and

ophotographs or videos that reveal any of this listed information;

·"data broker" has the meaning assigned by applicable Business & Commerce Code provisions relating to identifying information, but does not include a commercial entity that meets any of the following criteria:

ois engaged in the business of any of the following:

§reporting, news-gathering, speaking, or engaging in other activities intended to inform the public on matters of public interest or public concern;

§providing 411 directory assistance or directory information services, including name, address, and telephone number, on behalf of or as a function of a telecommunications carrier;

§using personal information internally, by providing access to businesses under common ownership or affiliated by corporate control, or selling or providing data for a transaction or service requested by or concerning the individual whose personal information is being transferred;

§providing publicly available information using real-time or near real-time alert services for health or safety purposes; or

§collecting and selling or licensing covered information incidental to conducting the formerly described activities; or

ois engaged in business as any of the following:

§a consumer reporting agency subject to Business & Commerce Code provisions regulating consumer credit reporting agencies and the federal Fair Credit Reporting Act;

§a financial institution subject to the federal Gramm-Leach-Bliley Act and regulations implementing that act; or

§a covered entity for purposes of the privacy regulations promulgated under applicable provisions of the federal Health Insurance Portability and Accountability Act of 1996; and

·"state agency" as a public entity in the executive, judicial, or legislative branch of state government.

C.S.H.B. 5081 applies only to covered information posted on a publicly accessible website on or after the bill's effective date.

It is the intent of the 89th Legislature, Regular Session, 2025, that the amendments made by the bill be harmonized with another Act of the 89th Legislature, Regular Session, 2025, relating to nonsubstantive additions to and corrections in enacted codes.

EFFECTIVE DATE

September 1, 2025.

COMPARISON OF INTRODUCED AND SUBSTITUTE

While C.S.H.B. 5081 may differ from the introduced in minor or nonsubstantive ways, the following summarizes the substantial differences between the introduced and committee substitute versions of the bill.

Both the introduced and substitute require the judicial security division of OCA to develop a process by which a written request can be filed with the director of OCA to notify a data broker or other person, on the requestor's behalf, of a written request submitted to remove applicable covered information from a publicly accessible website. The substitute specifies that the requestor is an applicable judge, but the introduced specified that the requestor is an at-risk individual.

The substitute includes a provision absent from the introduced authorizing OCA to develop or procure a statewide technology system to automate the removal request process.

With respect to the procedural provision establishing that the bill applies only to information posted on a website on or after the bill's effective date, the substitute specifies that the information is covered information and the website is a publicly accessible website, which the introduced did not do. The substitute includes additional procedural provisions, each absent from the introduced, regarding the following:

·applicability of the removal requirement provisions to covered information regardless of the date of its original posting;

·the appropriations contingency regarding implementation of a process for filing written removal requests; and

·applicability of the criminal offense provisions.