BILL ANALYSIS

H.B. 3390

By: Thompson, Ed

Transportation

Committee Report (Unamended)

BACKGROUND AND PURPOSE

In 2020, a ransomware attack was carried out against the Texas Department of Transportation (TxDOT). Fortunately, TxDOT was able to quickly identify, quarantine, and address the attack to minimize disruptions to its operations across Texas. As TxDOT continues to upgrade and refine its IT systems, the existing insurance policy covering these systems is inadequate and TxDOT should be able to obtain a separate insurance policy for cybersecurity. H.B. 3390 seeks to address this issue by authorizing TxDOT to purchase insurance coverage to protect against data breaches or cyber attacks.

CRIMINAL JUSTICE IMPACT

It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.

RULEMAKING AUTHORITY

It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.

ANALYSIS

H.B. 3390 amends the Transportation Code to authorize the Texas Department of Transportation to purchase insurance coverage that it considers necessary to protect against liability, revenue, and property losses that may result from a data breach or cyber attack. The insurance purchased may include coverage for business and dependent business interruption loss, breach response, data recovery, cyber extortion or ransomware response, fiduciary liability, media liability, professional liability, or expenses for general incident management, such as investigation, remediation, and notification.

EFFECTIVE DATE

On passage, or, if the bill does not receive the necessary vote, September 1, 2021.