TDPSA Data Compliance with Streamdal

We're updating our documentation, so the presented info might not be the most recent.
Beta

The data compliance features of Streamdal are currently in beta, and being tested with a select group of contributors, companies, and design partners. If you would like to participate in the beta, please reach out to us.

The Texas Data Privacy and Security Act (TDPSA) is a Texas law that will go into effect on July 1, 2024. It regulates the collection, processing, and use of sensitive data.

Streamdal can help keep your data in compliance with this regulation.

Streamdal’s Approach

You can leverage Streamdal for:

Data Minimization: The Streamdal SDK can enforce rules on consumers and producers to reject or alert on data if it contains more personal data than what is necessary, ensuring data minimization.

De-identifying and Masking Data: From the Console UI, you can establish rules and attach them to your producers and consumers as pipelines that data must adhere to in order to proceed through your systems. You can have the SDK filter and alert for PII, and obfuscate sensitive fields to ensure only pseudonymous data is used in appropriate systems.

Coming Soon: A visual guide on setting up TDPSA-specific rules in the Console UI.

Regulatory Insights

We wanted to make researching the relevant data regulations easier and give a better idea of where Streamdal could be the most impactful for your organization. In most cases, the combination of the observability and data governance capabilities will ensure successful compliance.

While more sections could be applicable, below are two taken from the TDPSA1 along with how Streamdal can help with data compliance:

§ SectionsHow Streamdal helps comply
Sec. 541.101 Controller Duties; Transparency.The Streamdal SDK allows you to create rules ensuring only necessary data is collected and moves through your systems.

For example, you could ensure fields like social security number, IP address, or credit card number are never transferred into storage or critical environments, or are obfuscated/masked.
Sec. 541.106 Deidentified or Pseudonymous Data.Similar to ensuring data minimization, you can establish rules to ensure data is deidentified or made pseudonymous before it reaches your analytical systems.

Fields like name, address, e-mail, and much more can all be masked or turned into pseudonymous data in real time.

Footnotes

  1. Texas Legislature. (2023). Business & Commerce Code: Title 11, Subtitle C. Consumer Data Protection, Chapter 541. Consumer Data Protection, Subchapter A. General Provisions, Texas Data Privacy and Security Act (TDPSA). [Sec. 541.101 Controller Duties; Transparency; Sec. 541.106 Deidentified or Pseudonymous Data]. https://capitol.texas.gov/tlodocs/88R/billtext/pdf/HB00004I.pdf ↩