77(R) HB 249 Introduced version

         By Pitts                                               H.B. No. 249
         77R1266 JRD-D                           
                                A BILL TO BE ENTITLED
 1-1                                   AN ACT
 1-2     relating to reports on the extent to which the computer technology
 1-3     and electronically stored information of a state agency or a state
 1-4     contractor are vulnerable to unauthorized access or harm.
 1-5           BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
 1-6           SECTION 1. Subchapter D, Chapter 2054, Government Code, is
 1-7     amended by adding Section 2054.077 to read as follows:
 1-8           Sec. 2054.077.  VULNERABILITY REPORTS. (a)  In this section,
 1-9     a term defined by Section 33.01, Penal Code, has the meaning
1-10     assigned by that section.
1-11           (b)  The information resources manager of a state agency may
1-12     prepare or have prepared a report assessing the extent to which a
1-13     computer, a computer program, a computer network, a computer
1-14     system, computer software, or data processing of the agency or of a
1-15     contractor of the agency is vulnerable to unauthorized access or
1-16     harm, including the extent to which the agency's or contractor's
1-17     electronically stored information is vulnerable to alteration,
1-18     damage, or erasure.
1-19           (c)  Except as provided by this section, a vulnerability
1-20     report and any information or communication prepared or maintained
1-21     for use in the preparation of a vulnerability report is
1-22     confidential and is not subject to disclosure under Chapter 552.
1-23           (d)  On request, the information resources manager shall
1-24     provide a copy of the vulnerability report to:
 2-1                 (1)  the department; and
 2-2                 (2)  any other information technology security
 2-3     oversight group specifically authorized by the legislature to
 2-4     receive the report.
 2-5           (e)  A state agency whose information resources manager has
 2-6     prepared or had prepared a vulnerability report shall prepare a
 2-7     summary of the report that does not contain any information the
 2-8     release of which might compromise the security of the state
 2-9     agency's or state agency contractor's computers, computer programs,
2-10     computer networks, computer systems, computer software, data
2-11     processing, or electronically stored information.  The summary is
2-12     available to the public on request.
2-13           SECTION 2. Section 2054.006(a), Government Code, is amended
2-14     to read as follows:
2-15           (a)  Except as specifically provided by this chapter, this
2-16     [This] chapter does not affect laws, rules, or decisions relating
2-17     to the confidentiality or privileged status of categories of
2-18     information or communications.
2-19           SECTION 3.  This Act takes effect immediately if it receives
2-20     a vote of two-thirds of all the members elected to each house, as
2-21     provided by Section 39, Article III, Texas Constitution.  If this
2-22     Act does not receive the vote necessary for immediate effect, this
2-23     Act takes effect September 1, 2001.