77(R) HB 249 House committee report

         77R8555 JRD-D                           
         By Pitts                                               H.B. No. 249
         Substitute the following for H.B. No. 249:
         By Wolens                                          C.S.H.B. No. 249
                                A BILL TO BE ENTITLED
 1-1                                   AN ACT
 1-2     relating to reports on the extent to which the computer technology
 1-3     and electronically stored information of a state agency or a state
 1-4     contractor are vulnerable to unauthorized access or harm.
 1-5           BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
 1-6           SECTION 1. Subchapter D, Chapter 2054, Government Code, is
 1-7     amended by adding Section 2054.077 to read as follows:
 1-8           Sec. 2054.077.  VULNERABILITY REPORTS. (a)  In this section,
 1-9     a term defined by Section 33.01, Penal Code, has the meaning
1-10     assigned by that section.
1-11           (b)  The information resources manager of a state agency may
1-12     prepare or have prepared a report assessing the extent to which a
1-13     computer, a computer program, a computer network, a computer
1-14     system, computer software, or data processing of the agency or of a
1-15     contractor of the agency is vulnerable to unauthorized access or
1-16     harm, including the extent to which the agency's or contractor's
1-17     electronically stored information is vulnerable to alteration,
1-18     damage, or erasure.
1-19           (c)  Except as provided by this section, a vulnerability
1-20     report and any information or communication prepared or maintained
1-21     for use in the preparation of a vulnerability report is
1-22     confidential and is not subject to disclosure under Chapter 552.
1-23           (d)  On request, the information resources manager shall
1-24     provide a copy of the vulnerability report to:
 2-1                 (1)  the department;
 2-2                 (2)  the state auditor; and
 2-3                 (3)  any other information technology security
 2-4     oversight group specifically authorized by the legislature to
 2-5     receive the report.
 2-6           (e)  A state agency whose information resources manager has
 2-7     prepared or had prepared a vulnerability report shall prepare a
 2-8     summary of the report that does not contain any information the
 2-9     release of which might compromise the security of the state
2-10     agency's or state agency contractor's computers, computer programs,
2-11     computer networks, computer systems, computer software, data
2-12     processing, or electronically stored information.  The summary is
2-13     available to the public on request.
2-14           SECTION 2. Section 2054.006(a), Government Code, is amended
2-15     to read as follows:
2-16           (a)  Except as specifically provided by this chapter, this
2-17     [This] chapter does not affect laws, rules, or decisions relating
2-18     to the confidentiality or privileged status of categories of
2-19     information or communications.
2-20           SECTION 3.  This Act takes effect immediately if it receives
2-21     a vote of two-thirds of all the members elected to each house, as
2-22     provided by Section 39, Article III, Texas Constitution.  If this
2-23     Act does not receive the vote necessary for immediate effect, this
2-24     Act takes effect September 1, 2001.