BILL ANALYSIS

 

 

 

H.B. 984

By: Capriglione

State Affairs

Committee Report (Unamended)

 

 

 

BACKGROUND AND PURPOSE

 

State agencies collect substantial amounts of sensitive personal information from the public, including credit card numbers and other financial information, driver’s license and social security numbers, and health records. As the amount of data collected by the government grows, public concern has increased about how that data is collected, used, shared, and maintained. Privacy laws and industry best practices are rapidly changing in response to this public concern and state agencies must develop and implement strong privacy policies that inform the public about the collection and use of personal information. Few state agencies have resources and employees specifically dedicated to addressing privacy matters and ensuring compliance with privacy laws and regulations. State agencies need a designated resource they can call on to provide information and guidance about state and federal privacy laws and the responsible collection, use, and maintenance of sensitive personal information. H.B. 984 seeks to address this need by requiring the employment of a chief privacy officer by the Department of Information Resources to serve as a resource for state agencies on legal and policy matters involving data privacy.

 

CRIMINAL JUSTICE IMPACT

 

It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.

 

RULEMAKING AUTHORITY

 

It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.

 

ANALYSIS

 

H.B. 984 amends the Government Code to require the executive director of the Department of Information Resources (DIR) to employ a chief privacy officer to provide assistance to executive and judicial branch state agencies on legal and policy matters involving data privacy. The bill requires the chief privacy officer to do the following:

·         conduct a biennial privacy review that compiles information about the data privacy practices of those state agencies, including certain specified information for each agency;

·         develop and implement best practices among the agencies to ensure compliance with privacy laws;

·         provide the agencies and their employees with guidance related to those best practices; and

·         coordinate data protection in cooperation with DIR's chief information officer and chief data officer.

The bill requires each applicable agency to cooperate with the chief privacy officer in fulfilling the responsibilities of the position.

 

H.B. 984 authorizes the chief privacy officer to assist local governments and the public with data privacy and protection concerns by doing the following:

·         developing and promoting the dissemination of best practices for the collection and storage of personally identifiable information, including establishing and conducting training programs for local governments; and

·         educating consumers about the use of personally identifiable information on mobile and digital networks and measures that can help protect the user's data.

 

EFFECTIVE DATE

 

September 1, 2023.