BILL ANALYSIS

 

 

Senate Research Center                                                                                               C.S.S.B. 1884

81R21851 EAH-F                                                                                                                 By: Ellis

                                                                                                                  Government Organization

                                                                                                                                            4/21/2009

                                                                                                        Committee Report (Substituted)

 

 

AUTHOR'S / SPONSOR'S STATEMENT OF INTENT

 

Texans are under an increasing threat of identity theft and other types of fraud, with more than 35 million records containing personal information being compromised in 2008. 

 

C.S.S.B. 1884 amends current law relating to a breach of computer security involving sensitive personal information and the confidentiality of protected health information.

 

RULEMAKING AUTHORITY

 

This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.

 

SECTION BY SECTION ANALYSIS

 

SECTION 1.  Amends Section 521.002(a)(2), Business & Commerce Code, as effective April 1, 2009, to redefine "sensitive personal information."

 

SECTION 2.  Amends Section 521.053(a), Business & Commerce Code, as effective April 1, 2009, to redefine "breach of system security."

 

SECTION 3.  Amends Subchapter F, Chapter 2054, Government Code, by adding Section 2054.1125, as follows:

 

Sec. 2054.1125.  SECURITY BREACH NOTIFICATION BY STATE AGENCY.  (a)  Defines "breach of system security" and "sensitive personal information."

 

(b)  Requires a state agency that owns, licenses, or maintains computerized data that includes sensitive personal information to comply, in event of a breach of system security, with the notification requirements of Section 521.053 (Notification Required Following Breach of Security of Computerized Data), Business & Commerce Code, to the same extent as a person who conducts business in this state. 

 

SECTION 4.  Amends Subchapter A, Chapter 181, Health and Safety Code, by adding Section 181.006, as follows:

 

Sec. 181.006.  PROTECTED HEALTH INFORMATION NOT PUBLIC.  Provides that an individual's protected health information, for a covered entity that is a governmental unit, includes any information that reflects that an individual received health care from the covered entity, and is not public information and is not subject to disclosure under Chapter 552 (Public Information), Government Code.    

 

SECTION 5.  Amends Chapter 205, Local Government Code, by adding Section 205.010, as follows:

 

Sec. 205.010.  SECURITY BREACH NOTIFICATION BY LOCAL GOVERNMENT.  (a)  Defines "breach of system security" and "sensitive personal information." 

 

(b)  Requires a local government that owns, licenses, or maintains computerized data that includes sensitive personal information to comply, in the event of a breach of system security, with the notification requirements of Section 521.053, Business & Commerce Code, to the same extent as a person who conducts business in this state.

 

SECTION 6.  Makes application of this Act prospective.

 

SECTION 7.  Effective date:  September 1, 2009.