LEGISLATIVE BUDGET BOARD
Austin, Texas
 
FISCAL NOTE, 79TH LEGISLATIVE REGULAR SESSION
 
April 17, 2005

TO:
Honorable David Swinford, Chair, House Committee on State Affairs
 
FROM:
John S. O'Brien, Deputy Director, Legislative Budget Board
 
IN RE:
HB3278 by Isett (Relating to the management, security, and protection of personal information and governmental records; providing a criminal penalty.), As Introduced



Estimated Two-year Net Impact to General Revenue Related Funds for HB3278, As Introduced: a negative impact of ($17,158,357) through the biennium ending August 31, 2007.

The bill would make no appropriation but could provide the legal basis for an appropriation of funds to implement the provisions of the bill.



Fiscal Year Probable Net Positive/(Negative) Impact to General Revenue Related Funds
2006 ($8,932,877)
2007 ($8,225,480)
2008 ($8,354,522)
2009 ($7,146,932)
2010 ($7,550,164)




Fiscal Year Probable Savings/(Cost) from
GENERAL REVENUE FUND
1
Change in Number of State Employees from FY 2005
2006 ($8,932,877) 172.0
2007 ($8,225,480) 172.0
2008 ($8,354,522) 172.0
2009 ($7,146,932) 172.0
2010 ($7,550,164) 172.0

Fiscal Analysis

The bill would require that certain personal information--social security numbers, bank account information, computer password/network information--are confidential.  The bill further states that a governmental body that receives a request for the three categories of information need not release the personal information about an individual or request a ruling from the Office of the Attorney General (OAG) under the Public Information Act (the "PIA").  The bill requires the OAG to adopt new administrative rules and legal analyses for this type of information. The bill states that a decision by the OAG under this process may be challenged in court in the same manner that an open records ruling may be challenged.  Subchapter C requires the OAG to establish additional guidelines for local entities to follow when responding to open records requests.

Subchapter B requires the state auditor to establish auditing guidelines to ensure that state and local governmental entities, that the state auditor has authority to audit under other law, do not collect or retain more personal information than necessary for a legitimate government purpose and establish an information management system that protects the privacy and security of collected information.  The bill would allow the state auditor to audit a state or local governmental entity for compliance with the guidelines.   

The bill would prohibit a governmental body from storing a biometric identifier of an individual in a database, which would include fingerprints.

The bill would require governmental agencies to develop a privacy policy setting out guidelines for agency use relating to collection and disclosure of personal information of individuals. 


Methodology

The Office of the Attorney General (OAG) projects that the provisions of the bill would require a two-step review process for public information requests.  Requests first would be reviewed under the existing Public Information Act, then in cases that involve social security numbers, bank account information, computer password/network information; those requests would be reviewed under the provisions outlined in the bill.  It is estimated that the OAG would need 4 additional attorneys and 2 support staff to comply with the provisions of the bill at a cost of $438,962 in fiscal year 2006 and $402,700 each fiscal year thereafter out of the General Revenue Fund.

The State Auditor estimates that the cost to update existing audit guidelines to comply with the requirements of the bill would total approximately 250 hours or $16,500 in fiscal year 2006. The cost would be approximately 100 hours, or $6,600, to update the guidelines in each subsequent fiscal year. Overall, the costs would not be significant and could be absorbed within the existing resources.

The methodology for estimating costs for the Department of Public Safety (DPS) assumes that no one within the state of Texas would be able to maintain biometric identifiers in databases.  DPS currently uses an Automated Fingerprint Information System (AFIS).  Since fiscal year 2001, DPS has received $13,520,445 for AFIS.  Under the provisions of the bill, the data currently stored by automated means within DPS would have to revert back to manual storage, comparison, and search.  In order to accommodate a manual system, additional FTEs and storage would be required.  It would also result in a lag in the time required to complete a background search/check.  Amounts estimated for DPS include 166 FTEs, with costs ranging from $4.9 million in 2006 to $5.5 million in 2010.  In addition, fiscal years 2006 through 2008 include computer programming costs of $1.3 million each year.  And, $1.3 million each fiscal year is included for rent and storage costs.  Other incidental costs are also included for DPS.


Technology

There is a one-time cost of $12,222 for technology needs (network stations) at the OAG.  In addition, $1.3 million is included each fiscal year for programming costs at DPS.


Local Government Impact

According to the Harris County Office of Budget Management, the provisions of Section 3 of the bill would possibly eliminate the use of the Sheriff's Department’s AFIS system, a fingerprint identification system used by law enforcement. Other important systems may be jeopardized as well; including the "Pupilometers" used for drug testing that must compare eye-scans with a baseline scan for that person. Other new systems of identification would have to be created and utilized, at great cost to the county. Other local law enforcement agencies that use these types of identification systems would have comparable costs.

There could be some costs to local governments to discontinue the use of an individual’s social security number upon request from the individual, but the costs would depend on the number of requests.
 
There would be some costs to local governments that have not yet established data collection procedures or a general or Internet privacy policy. These costs are not expected to be significant.
 
The redistribution of unexpended records management and preservation fees would result in no significant impact to the overall budget of a county.
 
The bill would require local entities to be trained on and comply with two sets of laws relating to public information requests. The Office of the Attorney General anticipates that there will be an operational and fiscal impact to local governments to comply with the law.


Source Agencies:
302 Office of the Attorney General, 308 State Auditor's Office, 313 Department of Information Resources, 405 Department of Public Safety
LBB Staff:
JOB, SR, MS, KJG