AUTHOR'S / SPONSOR'S STATEMENT OF INTENT
The purpose of this legislation is to enhance state employees' awareness regarding cybersecurity best practices.
Currently, nearly every state agency and employee uses some form of data usage agreement, which delineates the employee's duties and responsibilities regarding data access and usage. As cybersecurity threats evolve, state agencies' data usage agreements change by including new best practices that respond to the latest threats. Despite data user agreement changes, employees typically sign and review data agreements only once as part of the hiring process.
Recent studies in data management and cybersecurity revealed that understanding new requirements or simply refreshing existing ones has a positive effect on employee awareness of duties and responsibilities related to data access and use. The lack of a periodic renewal of data usage agreements means that employees who have worked in one position for a long time may not be aware of new or updated best practices.
S.B. 1877 directs the Department of Information Resources (DIR) to work with state agencies to create a minimum uniform standard data and technology user agreement. Employees would be required to sign this data and technology user agreement at least once every two years. The two-year period would account for changes in the interim to any rules that may apply to specific agencies or to Texas as a whole.
This periodic signing of up-to-date user agreements would fundamentally enhance cybersecurity in state agencies.
As proposed, S.B. 1877 amends current law relating to the development and maintenance by each state agency of a data use agreement for the state agency's employees.
RULEMAKING AUTHORITY
SECTION BY SECTION ANALYSIS
SECTION 1. Amends Subchapter F, Chapter 2054, Government Code, by adding Section 2054.134, as follows:
Sec. 2054.134. DATA USE AGREEMENT. (a) Requires each state agency (agency) to develop a data use agreement for use by the agency that meets the particular needs of the agency and is consistent with rules adopted by the Texas Department of Information Resources (DIR) that relate to information security standards for state agencies.
(b) Requires a state agency to update the data use agreement not later than the second anniversary of the date the agreement is developed. Authorizes a state agency to update the agreement at any time as necessary to accommodate best practices in data management.
(c) Requires a state agency to require each employee of that agency to sign the data use agreement developed under this section and to distribute any updates to the agreement to employees of the agency.
SECTION 2. Effective date: September 1, 2015.