Data Privacy

How does Texas’ new data privacy law define “small business”?

Sabir Ibrahim
June 23, 2023
The Texas Data Privacy and Security Act (TDPSA), which was signed into law on June 19, is unusual in some ways.
How does Texas’ new data privacy law define “small business”?

The Texas Data Privacy and Security Act (TDPSA), which was signed into law on June 19, is unusual in some ways. Perhaps most notably, instead of setting revenue cutoffs or customer record thresholds, it references the Small Business Administration’s (SBA) definition of “small business” in exempting small businesses from many of its requirements. Though that might seem straightforward, it actually introduces a lot of complexity and uncertainty into the law. There are three main reasons for this:

  1. Congress gave the SBA significant leeway in defining “small business.” That means that the SBA can change the definition on its own without needing authorization from Congress. Because of that, the definition shifts more often than if it were entirely determined by federal statute.

  2. It puts the Texas Attorney General in the position of interpreting regulations that are defined and enforced by a completely different entity. If a company thinks it qualifies as a small business but has never applied for an SBA loan or otherwise dealt with the SBA, then it seems that Texas would need to interpret the SBA regulations itself to determine whether the data privacy law applies to that company. Even if the company has qualified for small business status with the SBA, it’s an open question whether Texas would defer to the SBA’s determination or apply its own interpretation of the SBA regulations.

  3. The SBA’s definition of “small business” isn’t necessarily straightforward. In fact, practically speaking, the SBA doesn’t really have a single unitary definition of “small business.” The SBA uses different revenue and employee headcount numbers for determining small business status in different industries. The SBA also considers a company’s affiliates and whether or not an affiliate controls the company in determining whether the company qualifies as a small business. That alone can be a complex analysis.

The take-home is that small businesses need to be careful in determining whether the law applies to them. A company might consider itself a small business and might even be considered a small business by the SBA, but that may not necessarily mean that it qualifies as a small business under the TDPSA.

Back to Blog

Who is Dev Legal?

Sabir Ibrahim

Managing Attorney

During his 18-year career as an attorney and technology entrepreneur, Sabir has advised clients ranging from pre-seed startups to Fortune 50 companies on a variety of issues within the intersection of law and technology. He is a former associate at the law firm of Greenberg Traurig, a former corporate counsel at Amazon, and a former senior counsel at Roku. He also founded and managed an IT managed services provider that served professional services firms in California, Oregon, and Texas.

Sabir is also co-founder of Chinstrap Community, a free resource center on commercial open source software (COSS) for entrepreneurs, investors, developers, attorneys, and others interested in open source software entrepreneurship.

Sabir received his BSE in Computer Science from the University of Michigan College of Engineering. He received his JD from the University of Michigan Law School, where he was an article editor of the Michigan Telecommunications & Technology Law Review.

Sabir is licensed to practice in California and before the United States Patent & Trademark Office (USPTO). He is formerly a Certified Information Privacy Professional (CIPP/US).

Sabir Ibrahim, Managing Attorney

What can Dev Legal do for you?

Areas Of Expertise

We aim to advise clients in a manner that minimizes noncompliance risks without compromising operational efficiency or business interests. The areas in which we assist clients, either alone or in collaboration with affiliates, include:

Technology License Agreements

Drafting, reviewing, and negotiating software licenses, SaaS agreements, and other technology contracts.

Open Source Software Matters

License compliance, contribution policies, and open source business strategy.

SaaS Agreements

Subscription agreements, terms of service, and service level agreements for cloud-based services.

Intellectual Property Counseling

Trademark, copyright, and patent strategy for technology companies.

Product Counseling

Legal review of product features, marketing materials, and compliance with regulations.

Terms of Service and Privacy Policies

Creating and updating legal documents for websites and applications.

Assessment of Contractual Requirements

Reviewing obligations and ensuring compliance with complex agreements.

Information Management Policies

Data governance, retention policies, and information security procedures.

Risk Mitigation Strategy

Identifying legal risks and developing strategies to minimize exposure.

Join Our Email Newsletter List And Receive Our Free Compliance Explainer

Our one-page Dev Legal Compliance Explainer is an easy-reference guide to understanding compliance concepts for you or your clients. Our email newsletter includes information about news and recent developments in the technology regulatory landscape and is sent approximately once a month.

Contact Us

Get In Touch

Email

inquiries@devlegal.io

Phone

510.255.3766

Mail

PO Box 721
Union City, CA 94587