Although nineteen U.S. states, including California’s Consumer Privacy Act (CCPA), have enacted data privacy laws, state-level enforcement has remained limited.

This was until January 2025 when Texas’s Attorney General (AG) took a landmark step by filing the first-ever enforcement action under the Texas Data Privacy and Security Act (TDPSA).

In this week’s feature of the VENZA Echo, we explore the significance of this precedent-setting case and its impact on hoteliers.

Overview

On 13 January, Texas AG Ken Paxton initiated the first enforcement action under its data privacy law, TDPSA, by filing a lawsuit against Allstate and its subsidiary, Arity.

The lawsuit alleges that these companies unlawfully collected, utilized, and sold geolocation and movement data from Texans’ cell phones without proper consent.

According to the complaint, Allstate embedded a software development kit into popular third-party mobile apps, enabling continuous tracking of users’ real-time locations and driving behaviors.

This data was allegedly aggregated into a vast database and sold to other insurance carriers, potentially affecting driver risk assessments and insurance premiums.

Significance

This lawsuit marks one of the rare instances of state-level enforcement of data privacy laws in the U.S. outside of California’s CCPA, which has been in effect since 2020.

While Texas’s Attorney General’s Office has previously issued warnings to organisations that have violated data privacy regulations since the TDPSA took effect in 2024, this case represents the first significant legal action against a business accused of breaching state privacy restrictions.

This move may mark a pivotal shift in U.S. data privacy regulation, signaling that state attorneys general may take a more aggressive approach to enforcing compliance. It has potential to set a precedent that could drive stricter oversight and broaden regulatory enforcement beyond California’s existing framework.

Additionally, if Texas’s enforcement is successful, it could embolden other states with data privacy statutes to follow suit, accelerating the shift toward stronger enforcement of consumer data rights nationwide.

Implications for Hoteliers

Texas’s enforcement of its privacy law highlights the growing urgency for hoteliers to align with evolving state regulations.

To avoid severe legal, financial, and reputational consequences, hoteliers should take proactive steps to ensure compliance.

These include:

*Update Privacy Policies: Ensure all data collection practices are transparently disclosed to guests, detailing what data is collected, how it is used, and with whom it is shared.

*Obtain Explicit Consent: Confirm explicit consent is obtained when collecting sensitive information or tracking guest behaviors.

*Provide Consumers with Opt-Out Controls: Establish at least two accessible methods for consumers to exercise their rights, ensuring that consent mechanisms are free from deceptive or misleading design elements.

*Data Protection Assessment: Perform a risk-based evaluation before engaging in targeted advertising, data sales, or other high-risk processing activities, including sensitive data processing, ensuring compliance with similar assessments required under other privacy laws.

Moving Forward

Texas’s enforcement of its data privacy law marks a turning point in state-level regulation, paving the way for increased scrutiny nationwide. To stay ahead of evolving privacy regulations, hoteliers must proactively strengthen compliance efforts.

Feeling overwhelmed? Don’t be. As a leader in hospitality data protection, VENZA provides vendor security assessments and privacy management solutions to help hoteliers navigate the evolving global regulatory landscape.

Ready to get started? Contact Sales to discuss signing up for our programs or adding new solutions to your contract.

***

Take VENZA’s free Phishing Test to assess gaps in your human firewall today!

Training your personnel to recognize and report phishing attempts is essential to protecting your guests and their data. Get started by determining your risk and readiness level using this free tool.

***

Want to stay informed? Subscribe to the free VENZA Echo now. You’ll receive a monthly digest with the highlights of our weekly article series and important product updates and news from VENZA.