BILL ANALYSIS

 

 

 

H.B. 3248

By: Davis, Yvonne

Government Transparency & Operation

Committee Report (Unamended)

 

 

 

BACKGROUND AND PURPOSE

 

Interested parties note that personnel at state agencies and public universities are responsible for protecting the integrity and accuracy of the information they gather and maintain, and the parties contend that, in light of this responsibility, these public entities should create, adhere to, and strictly enforce policies and procedures that protect individuals from identity theft, fraud, or any other similar matter. H.B. 3248 seeks to provide for these policies and procedures.

 

CRIMINAL JUSTICE IMPACT

 

It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.

 

RULEMAKING AUTHORITY

 

It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.

 

ANALYSIS

 

H.B. 3248 amends the Government Code to require each state agency, defined in the bill as a department, commission, board, office, council, authority, or other agency in the executive, legislative, or judicial branch of state government, including a university system or institution of higher education that is created by the state constitution or a state statute, to develop policies and procedures to properly secure all information, including electronic information and any electronic backup of that information, that alone or in conjunction with other information identifies an individual. The bill requires an agency to implement electronic security strategies developed by the Department of Information Resources, as appropriate. The bill requires a state agency to destroy or arrange for the destruction of information that alone or in conjunction with other information identifies an individual and that is not required to be retained under other law in a manner that properly protects the information from disclosure, including by shredding, erasing, or otherwise modifying the sensitive information in the records to make the information unreadable or indecipherable through any means.

 

EFFECTIVE DATE

 

September 1, 2015.