Sec. 521.126. ELECTRONICALLY READABLE INFORMATION. (a) The department may not include any information on a driver's license, commercial driver's license, or personal identification certificate in an electronically readable form other than the information printed on the license and a physical description of the licensee.
(b) Except as provided by Subsections (d), (e), (e-1), (g), (i), (j), and (n), and Section 501.101, Business & Commerce Code, a person commits an offense if the person:
(1) accesses or uses electronically readable information derived from a driver's license, commercial driver's license, or personal identification certificate; or
(2) compiles or maintains a database of electronically readable information derived from driver's licenses, commercial driver's licenses, or personal identification certificates.
(c) An offense under Subsection (b) is a Class A misdemeanor.
(d) The prohibition provided by Subsection (b) does not apply to a person who accesses, uses, compiles, or maintains a database of the information for a law enforcement or governmental purpose, including:
(1) an officer or employee of the department carrying out law enforcement or government purposes;
(2) a peace officer, as defined by Article 2.12, Code of Criminal Procedure, acting in the officer's official capacity;
(3) a license deputy, as defined by Section 12.702, Parks and Wildlife Code, issuing a license, stamp, tag, permit, or other similar item through use of a point-of-sale system under Section 12.703, Parks and Wildlife Code;
(4) a person acting as authorized by Section 109.61, Alcoholic Beverage Code;
(5) a person establishing the identity of a voter under Chapter 63, Election Code;
(6) a person acting as authorized by Section 161.0825, Health and Safety Code; or
(7) a person screening an individual who will work with or have access to children if the person is an employee or an agent of an employee of a public school district or an organization exempt from federal income tax under Section 501(c)(3), Internal Revenue Code of 1986, as amended, that sponsors a program for youth.
(e) The prohibition provided by Subsection (b)(1) does not apply to a financial institution or a business that:
(1) accesses or uses electronically readable information for purposes of identification verification of an individual or check verification at the point of sale for a purchase of a good or service by check; or
(2) accesses or uses as electronically readable information a driver's license number or a name printed on a driver's license as part of a transaction initiated by the license or certificate holder to provide information encrypted in a manner:
(A) consistent with PCI DSS Standard 3.4 to a check services company or fraud prevention services company governed by the Fair Credit Reporting Act (15 U.S.C. Section 1681 et seq.) for the purpose of effecting, administering, or enforcing the transaction; and
(B) that does not involve the sale, transfer, or other dissemination of a name or driver's license number to a third party for any purpose, including any marketing, advertising, or promotional activities.
(e-1) The prohibition provided by Subsection (b) does not apply to:
(1) a check services company or a fraud prevention services company governed by the Fair Credit Reporting Act (15 U.S.C. Section 1681 et seq.) that, for the purpose of preventing fraud when effecting, administering, or enforcing the transaction:
(A) accesses or uses as electronically readable information a driver's license number or a name printed on a driver's license; or
(B) compiles or maintains a database of electronically readable driver's license numbers or names printed on driver's licenses and periodically removes the numbers or names from the database that are at least four years old; or
(2) a financial institution that compiles or maintains a database of electronically readable information, if each license or certificate holder whose information is included in the compilation or database consents to the inclusion of the person's information in the compilation or database on a separate document, signed by the license or certificate holder, that explains in at least 14-point bold type the information that will be included in the compilation or database.
(f) A person may not use information derived from electronically readable information from a driver's license, commercial driver's license, or personal identification certificate to engage in telephone solicitation to encourage the purchase or rental of, or investment in, goods, other property, or services.
(g) If authorized by the executive or administrative head of a maritime facility as defined in the Maritime Transportation Security Act of 2002 (46 U.S.C. Section 70101 et seq.), or of a port, port authority, or navigation district created or operating under Section 52, Article III, or Section 59, Article XVI, Texas Constitution, a person may access, use, compile, or maintain in a database electronically readable information derived from a driver's license, commercial driver's license, or personal identification certificate to secure the facility or port. The information may be used only to:
(1) identify an individual;
(2) provide official credentials for an individual;
(3) track or limit the movement of an individual on facility property;
(4) establish a secure database of visitors to the facility;
(5) access the information at terminal and gate operations of the facility; or
(6) conduct other security or operational activities as determined by the executive or administrative head.
(h) Except as provided by Section 418.183, Government Code, the electronically readable information derived from a driver's license, commercial driver's license, or personal identification certificate for the purposes of Subsection (g) is confidential and not subject to disclosure, inspection, or copying under Chapter 552, Government Code.
(i) The prohibition provided by Subsection (b) does not apply to a health care provider or hospital that accesses, uses, compiles, or maintains a database of the information to provide health care services to the individual who holds the driver's license, commercial driver's license, or personal identification certificate. If an individual objects to the collection of information under this subsection, the health care provider or hospital must use an alternative method to collect the individual's information.
(j) Except as otherwise provided by this subsection, a health care provider or hospital may not sell, transfer, or otherwise disseminate the information described by Subsection (i) to a third party for any purpose, including any marketing, advertising, or promotional activities. A health care provider or hospital that obtains information described by Subsection (i) may transfer the information only in accordance with the rules implementing the federal Health Insurance Portability and Accountability Act of 1996 (Pub. L. No. 104-191). A business associate, and any subcontractor of the business associate who receives the transferred information, may use the information only to service or maintain the health care provider's or hospital's database of the information.
(k) Repealed by Acts 2015, 84th Leg., R.S., Ch. 1261 , Sec. 8, eff. January 1, 2016.
(l) For the purposes of this section, "financial institution" has the meaning assigned by 31 U.S.C. Section 5312(a)(2).
(m) In this section, "health care provider" means an individual or facility licensed, certified, or otherwise authorized by the law of this state to provide or administer health care, for profit or otherwise, in the ordinary course of business or professional practice, including a physician, nurse, dentist, podiatrist, pharmacist, chiropractor, therapeutic optometrist, ambulatory surgical center, urgent care facility, nursing home, home and community support services agency, and emergency medical services personnel as defined by Section 773.003, Health and Safety Code.
(n) The prohibition provided by Subsection (b) does not apply to the nonprofit organization administering the Glenda Dawson Donate Life-Texas Registry under Section 692A.020, Health and Safety Code, or an organ procurement organization, tissue bank, or eye bank, as those terms are defined by Section 692A.002, Health and Safety Code, for the purpose of scanning the individual's information on the individual's driver's license, commercial driver's license, or personal identification certificate to register the individual as an anatomical gift donor. Before transmitting information scanned under this subsection, the nonprofit organization, organ procurement organization, tissue bank, or eye bank shall:
(1) notify the individual of the registry's purpose and the purposes for which the information will be used;
(2) require the individual to verify the accuracy of the information; and
(3) require the individual to affirm consent to make an anatomical gift through the individual's use of the individual's electronic signature.
Added by Acts 1999, 76th Leg., ch. 1340, Sec. 1, eff. Sept. 1, 1999. Amended by Acts 2003, 78th Leg., ch. 1233, Sec. 1, eff. Sept. 1, 2003.
Amended by:
Acts 2005, 79th Leg., Ch. 250 (H.B. 1009), Sec. 1, eff. May 30, 2005.
Acts 2005, 79th Leg., Ch. 391 (S.B. 1465), Sec. 2, eff. September 1, 2005.
Acts 2005, 79th Leg., Ch. 1189 (H.B. 178), Sec. 2, eff. September 1, 2005.
Acts 2007, 80th Leg., R.S., Ch. 102 (H.B. 320), Sec. 1, eff. September 1, 2007.
Acts 2007, 80th Leg., R.S., Ch. 533 (S.B. 955), Sec. 1, eff. June 16, 2007.
Acts 2007, 80th Leg., R.S., Ch. 1012 (H.B. 1060), Sec. 1, eff. September 1, 2007.
Acts 2013, 83rd Leg., R.S., Ch. 67 (S.B. 166), Sec. 1, eff. September 1, 2013.
Acts 2013, 83rd Leg., R.S., Ch. 854 (H.B. 346), Sec. 1, eff. June 14, 2013.
Acts 2015, 84th Leg., R.S., Ch. 1236 (S.B. 1296), Sec. 21.001(60), eff. September 1, 2015.
Acts 2015, 84th Leg., R.S., Ch. 1261 (H.B. 3283), Sec. 4, eff. January 1, 2016.
Acts 2015, 84th Leg., R.S., Ch. 1261 (H.B. 3283), Sec. 8, eff. January 1, 2016.