Contracts
Review and Revise Templates: You must immediately strip "gag clauses" from standard government contract templates. Specifically, remove any language requiring a government client to:
- 1. Obtain your written consent before notifying the DIR of a breach.
- 2. Delay notification to the DIR until your internal investigation is complete (if that delay exceeds statutory reporting limits).
- 3. Indemnify you for damages resulting from a mandatory statutory report.
Existing Contracts: Do not attempt to enforce these provisions in current contracts. They are void as a matter of law.
Hiring/Training
Incident Response (IR) Teams: Train IR leads and external counsel that they cannot legally block a Texas government client from reporting an incident. Your IR protocols must shift from "controlling the disclosure" to "coordinating the data" to ensure the client's report is accurate.
Claims Adjusters (Insurance): Insurers must instruct adjusters that a government entity’s unilateral report to the DIR does not constitute a breach of policy conditions regarding "voluntary admission of liability" or "unauthorized publication."
Reporting & Record-Keeping
Internal Audit: Conduct an internal audit of active public sector contracts to identify those with voided restrictive language. While you do not need to re-paper these contracts immediately, you should attach a memo to the file noting that the notification restrictions are unenforceable under HB5331.
Fees & Costs
Litigation Risk: There are no new statutory fees. However, attempting to enforce a voided restriction in court could lead to bad-faith contracting claims and liability for the government's legal fees.
