State Compliance · Texas

ITAD in Texas: The Disposal Law and the Breach Rules

Texas leans on manufacturer take-back and federal hazardous-waste rules rather than a landfill ban — but its breach law is aggressive, with Attorney General notice triggered at just 250 residents. Here's what that means for retiring IT equipment.

By Brian Boynton Updated 6 min read

TL;DR

Texas runs manufacturer take-back programs for computers and TVs with no statewide landfill ban, so business e-waste is governed largely by federal hazardous-waste rules. Its breach law is strict: 60-day notice and Attorney General notice at just 250 residents — among the lowest thresholds anywhere.

  • Texas runs the Texas Recycles Computers and TV manufacturer take-back programs — but sets no statewide landfill ban.
  • Business e-waste is governed largely by federal RCRA / Universal Waste rules, which Texas has adopted.
  • The breach law requires notice within 60 days and Attorney General notice at just 250 residents — among the lowest thresholds in the U.S.
  • A serialized certificate of destruction keeps a retirement event from becoming a notification event.

01 / THE DISPOSAL LAWTake-back, not a ban

Texas addresses electronics through manufacturer take-back: the Texas Recycles Computers program and a parallel television recycling program require manufacturers to offer free collection to consumers. Texas sets no statewide landfill ban on covered electronics.

For businesses, the controlling rules are largely federal. Many components — CRTs, batteries, circuit boards, mercury devices — qualify as hazardous waste under RCRA, and Texas has adopted the EPA Universal Waste Rule, which sets labeling, storage, and time limits. Improper burning or landfilling of electronics can trigger federal violations. Bottom line: Texas relies on take-back plus the federal hazardous-waste floor — a compliant, documented recycler keeps you on the right side of both.

02 / THE BREACH LAWOne of the lowest thresholds anywhere

Texas's breach-notification statute (Tex. Bus. & Com. Code § 521.053) requires notifying affected residents within 60 days and notifying the Attorney General when 250 or more residents are affected — one of the lowest AG thresholds in the country. The definition of "sensitive personal information" is broad, reaching health and biometric data, and the Texas AG has been aggressive on privacy enforcement.

A lost or stolen unsanitized drive holding residents' sensitive personal information can clear that 250-resident bar quickly. Bottom line: media destroyed to NIST 800-88 with documentation is not exposed data — the cleanest way to stay below the threshold by having no exposed data at all.

03 / WHAT IT MEANSOne certified process satisfies both

Read together, Texas's rules point the same direction. An organization retiring IT equipment in Texas has to handle the device lawfully (take-back plus the federal hazardous-waste floor, with no landfill ban) and be able to prove the data on it is gone under the state's breach-notification law. Handled separately, those are two compliance tracks. Handled as one certified IT asset disposition process, they collapse into a single workflow: compliant recycling, documented NIST 800-88 data destruction with serialized certificates, and an unbroken chain of custody.

That combined standard is what an R2v3, NAID AAA, and RIOS-certified provider is built to deliver. CyberCrunch is headquartered in Greensburg, Pennsylvania, and serves organizations across Texas and all 50 states with on-site and facility-based destruction and documented recycling.

04 / SOURCESWhere this comes from

  • Texas breach law (Tex. Bus. & Com. Code § 521.053); see IAPP state breach-notification chart — source
  • Texas Recycles Computers / TV recycling programs — ERI state e-waste legislation overview — source

This page is provided for general informational purposes only and reflects publicly available sources as of June 2026. It is not legal advice and does not create an attorney-client relationship. Laws and regulations change frequently and are subject to interpretation; CyberCrunch makes no representation or warranty as to the accuracy, completeness, or currency of this information and assumes no liability for any reliance on it. Always do your own research and confirm the current requirements for your organization with qualified legal counsel before acting.

05 / FAQFrequently asked questions

Does Texas ban electronics from landfills?
No. Texas relies on manufacturer take-back (Texas Recycles Computers and a TV program) plus federal RCRA and Universal Waste rules rather than a statewide landfill ban.

How should a Texas business handle e-waste?
Route retired equipment to a compliant recycler. Many components are federally regulated hazardous waste, and improper landfilling or burning can trigger EPA enforcement.

When must a Texas organization report a data breach?
Within 60 days to affected residents, and to the Attorney General when 250 or more residents are affected — one of the lowest thresholds in the country.

Does destroying a drive remove breach-notification risk?
Media sanitized or destroyed to NIST 800-88 standards, with documentation, is not exposed data — the practical defense against a disposal-driven breach.