On July 1, 2024, the Texas Data Privacy and Security Act (TDPSA) will go into effect, along with a few other new state privacy laws. While the Texas law has many of the same familiar components as its counterparts in other states—disclosure obligations, privacy rights, etc.—it does have at least one feature that sets it apart: The TDPSA largely does not apply to “small businesses,” as that term is defined by the Small Business Administration (SBA).
This rule has many organizations wondering, “What is the SBA’s definition of a small business?”
The SBA’s definition of a small business probably doesn’t match up with the average person’s idea of what that term means, i.e., a mom-and-pop shop with just a handful of employees. According to the SBA, a small business may have hundreds of employees and tens of millions of dollars in annual revenue.
So what is the SBA definition of a small business? Unfortunately, there is no single, simple answer to the question, because the SBA’s standard varies by industry. The only way to determine whether your business qualifies as a small business is to look up your industry on the SBA Table of Size Standards. There you will find industries broken up by North American Industry Classification System (NAICS) code. If you don’t know your industry’s NAICS code, searching for broad terms such as “retailer,” “services” or “manufacturing” should help get you in the general area.
For each industry, there will be a size standard expressed either in millions of dollars (annual receipts) or number of employees. Any business that falls under the limit is considered a small business. For example, “baked goods retailers” (NAICS #445291) have a size standard of $16 million. If a baked goods retailer had total annual receipts of $15 million, it would be considered a small business. “Footwear merchant wholesalers” (NAICS #424340), on the other hand, have a size standard of 200 employees, so a company in that industry with 201 employees would not be a small business.
Some businesses will look at their industry’s SBA size standard and know right away if they are above or below the limit. For others, it may be a closer call, so knowing how to calculate annual receipts or number of employees becomes more important.
Before moving on to the details, it’s important to note that affiliated businesses should all be counted together. Separate businesses are affiliated when one has the power to control the other. For example, if a business has several subsidiaries, the annual receipts or employees of those subsidiaries should be counted as well.
To determine annual receipts, businesses must calculate their average annual receipts over the past five years. If your company hasn’t yet been in business for five years, divide the company’s total receipts by the number of weeks it has been in business, which gives you a weekly average, then multiply that weekly average by 52.
“Receipts” means “all revenue in whatever form received or accrued from whatever source, including from the sales of products or services, interest, dividends, rents, royalties, fees, or commissions, reduced by returns and allowances.”
If that sounds complicated, there is actually a simple formula:
Total Income + Cost of Goods Sold = Total receipts
Your Total Income and Cost of Goods Sold should already be included in your business’s tax returns (most commonly in either Form 1065 or Form 1120), so it shouldn’t take a lot of work to track these numbers down.
If the size standard that applies to your industry is the number of employees, you should calculate the average number of employees at your company for each pay period over the last 24 months. If your company has been in business for less than 24 months, it should calculate the average number of employees for each pay period for as long as the company has been in business.
Part-time and temporary employees should be counted as employees.
For those companies that are considered small businesses under the SBA rules, the vast majority of the TDPSA will not apply to you. However, there is still one Texas privacy rule that all businesses must follow, regardless of whether they are small businesses: You cannot sell consumers’ sensitive data without first getting their consent.
Sensitive data, as defined by the TDPSA, is any of the following:
Businesses should bear in mind that “selling” means disclosing personal data in exchange not just for money, but also for any other “valuable consideration.” For example, making your customers’ data available to a data co-operative in order to be able to target look-alike audiences is likely to be considered selling under the TDPSA.
As a new cluster of privacy laws goes into effect in 2024, privacy compliance just becomes more complex. For businesses without in-house privacy expertise, keeping up with all of the various requirements over time becomes too much of a burden.
TrueVault US simplifies privacy compliance across multiple state laws, so that businesses can handle it on their own. With an interface that is familiar to anyone who has done their own taxes online, TrueVault guides you through every step of the process, from onboarding vendors to handling privacy requests. When there are changes to the laws, these updates are incorporated into your Privacy Center at no extra cost, and often with no extra work!
Disclaimer: This content is provided for general informational purposes only and does not constitute legal advice. This content is not a substitute for obtaining legal advice from a licensed attorney. The information on this page may be changed without notice and is not guaranteed to be complete, correct or up-to-date, and may not reflect the most current legal developments.