Texas SB 2610 is a new state law — effective September 1, 2025 — that protects small and mid-sized businesses from punitive damages in data breach lawsuits. If your business had a compliant cybersecurity program in place before a breach occurred, courts cannot award exemplary damages against you. ASX IT helps businesses throughout Dallas Fort Worth achieve Texas SB 2610 cybersecurity compliance.
⚠ Critical: Your cybersecurity program must be in place BEFORE a breach occurs. You cannot implement controls after a breach and claim safe harbor protection retroactively.
Texas Senate Bill 2610 creates a legal safe harbor for businesses that maintain a written cybersecurity program aligned with recognized industry standards. If your business is sued following a data breach, and you had a compliant program in place, the court is prohibited from awarding punitive or exemplary damages against you.
The law is designed to incentivize Texas businesses to proactively invest in cybersecurity and reward those who do with meaningful legal protection.
ASX IT provides free cybersecurity compliance assessments for businesses throughout the Dallas Fort Worth metroplex. We will evaluate your current posture against Texas SB 2610 cybersecurity compliance requirements, identify your compliance tier, and give you a clear action plan to achieve safe harbor protection.
Protect your business before a breach happens.
If you can answer YES to all three of these questions, SB 2610 applies to you:
For most small and mid-sized businesses in the Dallas Fort Worth metroplex (including medical practices, dental offices, behavioral health providers, churches, nonprofits, and general SMBs), the answer to all three is yes.
The law divides businesses into three tiers based on employee count. Each tier has specific cybersecurity requirements that must be documented and implemented to qualify for safe harbor protection.
| Tier | Employees | Program level | Requirements |
| --- | --- | --- | --- |
| Tier 1 | Under 20 | Basic Security Controls | Strong password policies; cybersecurity awareness training; basic access controls; data backup procedures |
| Tier 2 | 20–99 | CIS Controls v8 IG1 | Asset inventory management; data protection policies; secure configuration standards; access control management; vulnerability management |
| Tier 3 | 100–249 | Full Framework Compliance | NIST CSF or ISO 27001; HIPAA/PCI DSS if applicable; comprehensive risk management; incident response planning; third-party risk assessment |
Medical practices, dental offices, behavioral health providers, and other healthcare organizations in DFW have a significant advantage under Texas SB 2610: if you are already maintaining HIPAA compliance, you may already qualify for safe harbor protection under the law.
HIPAA is one of the recognized frameworks under SB 2610. This means your existing HIPAA cybersecurity program (risk assessments, access controls, encryption, audit logging, and employee training) directly maps to SB 2610 compliance requirements.
ASX IT provides HIPAA-compliant IT services for healthcare practices throughout Dallas Fort Worth. We can assess your current HIPAA compliance posture and confirm whether you already meet SB 2610 requirements or identify the specific gaps that need to be addressed.
Churches and nonprofits in the Dallas Fort Worth area collect and store sensitive data, including member contact information, financial contribution records, and in some cases pastoral counseling notes or healthcare information. This data makes faith-based organizations potential targets for breach lawsuits, and Texas SB 2610 safe harbor protection is directly relevant to them.
Most churches and nonprofits with fewer than 20 employees fall into Tier 1, which requires basic security controls: strong password policies, cybersecurity awareness training, access controls, and data backup procedures. ASX IT helps faith-based organizations throughout DFW implement these foundational controls at budget-conscious pricing that respects stewardship principles.
ASX IT provides a complete Texas SB 2610 cybersecurity compliance pathway for small and mid-sized businesses throughout the Dallas Fort Worth metroplex. Our process:
We evaluate your current cybersecurity posture against SB 2610 requirements for your tier. We identify what you already have in place and what gaps need to be addressed.
SB 2610 requires a documented, written cybersecurity program. We develop this documentation for your business, aligned to the appropriate framework for your tier and industry.
We implement the technical safeguards required for your tier, including endpoint protection, access controls, encryption, patch management, backup systems, and monitoring.
All tiers require cybersecurity awareness training for employees. We provide regular training programs that keep your staff informed and your compliance documentation current.
SB 2610 compliance is not a one-time project. As your managed IT partner, ASX IT provides continuous monitoring, annual risk assessments, and updated documentation to maintain your safe harbor status.
Texas SB 2610 became effective September 1, 2025. If your business experienced a breach after this date without a compliant cybersecurity program in place, you would not be protected from punitive damages.
Yes, if your practice has fewer than 250 employees and operates in Texas. Healthcare practices already maintaining HIPAA compliance may already qualify for safe harbor protection since HIPAA is a recognized framework under the law.
Yes. Churches and nonprofits storing member, donor, or client personal data are covered. Most faith-based organizations fall into Tier 1, which has straightforward basic security requirements.
A documented set of policies, procedures, and technical controls aligned to a recognized cybersecurity framework (such as CIS Controls, NIST CSF, or HIPAA). The program must be implemented and active before any breach occurs, not created after the fact.
For most small DFW businesses in Tier 1 or Tier 2, SB 2610 compliance can be achieved as part of a standard managed IT services engagement with ASX IT. Contact us for a free assessment and custom quote based on your tier and current security posture.
Technically yes, but the documentation requirements, technical implementations, and ongoing monitoring are difficult to maintain without dedicated IT expertise. The cost of non-compliance (a data breach lawsuit with punitive damages) far exceeds the cost of a managed IT partnership that maintains compliance for you.
From streamlined systems and secure networks to industry compliance, ASX IT helps your organization Assess, Secure, and eXcel.
817-310-8903