77(R) HB 249 Senate committee report

 1-1     By:  Pitts (Senate Sponsor - Shapiro)                  H.B. No. 249
 1-2           (In the Senate - Received from the House May 7, 2001;
 1-3     May 7, 2001, read first time and referred to Committee on State
 1-4     Affairs; May 11, 2001, reported favorably by the following vote:
 1-5     Yeas 8, Nays 0; May 11, 2001, sent to printer.)
 1-6                            A BILL TO BE ENTITLED
 1-7                                   AN ACT
 1-8     relating to reports on the extent to which the computer technology
 1-9     and electronically stored information of a state agency or a state
1-10     contractor are vulnerable to unauthorized access or harm.
1-11           BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
1-12           SECTION 1. Subchapter D, Chapter 2054, Government Code, is
1-13     amended by adding Section 2054.077 to read as follows:
1-14           Sec. 2054.077.  VULNERABILITY REPORTS. (a)  In this section,
1-15     a term defined by Section 33.01, Penal Code, has the meaning
1-16     assigned by that section.
1-17           (b)  The information resources manager of a state agency may
1-18     prepare or have prepared a report assessing the extent to which a
1-19     computer, a computer program, a computer network, a computer
1-20     system, computer software, or data processing of the agency or of a
1-21     contractor of the agency is vulnerable to unauthorized access or
1-22     harm, including the extent to which the agency's or contractor's
1-23     electronically stored information is vulnerable to alteration,
1-24     damage, or erasure.
1-25           (c)  Except as provided by this section, a vulnerability
1-26     report and any information or communication prepared or maintained
1-27     for use in the preparation of a vulnerability report is
1-28     confidential and is not subject to disclosure under Chapter 552.
1-29           (d)  On request, the information resources manager shall
1-30     provide a copy of the vulnerability report to:
1-31                 (1)  the department;
1-32                 (2)  the state auditor; and
1-33                 (3)  any other information technology security
1-34     oversight group specifically authorized by the legislature to
1-35     receive the report.
1-36           (e)  A state agency whose information resources manager has
1-37     prepared or has had prepared a vulnerability report shall prepare a
1-38     summary of the report that does not contain any information the
1-39     release of which might compromise the security of the state
1-40     agency's or state agency contractor's computers, computer programs,
1-41     computer networks, computer systems, computer software, data
1-42     processing, or electronically stored information.  The summary is
1-43     available to the public on request.
1-44           SECTION 2. Section 2054.006(a), Government Code, is amended
1-45     to read as follows:
1-46           (a)  Except as specifically provided by this chapter, this
1-47     [This] chapter does not affect laws, rules, or decisions relating
1-48     to the confidentiality or privileged status of categories of
1-49     information or communications.
1-50           SECTION 3.  This Act takes effect immediately if it receives
1-51     a vote of two-thirds of all the members elected to each house, as
1-52     provided by Section 39, Article III, Texas Constitution.  If this
1-53     Act does not receive the vote necessary for immediate effect, this
1-54     Act takes effect September 1, 2001.
1-55                                  * * * * *