BILL ANALYSIS

 

 

 

S.B. 1878

By: Zaffirini

Government Transparency & Operation

Committee Report (Unamended)

 

 

 

BACKGROUND AND PURPOSE

 

Interested parties note that many businesses and e-mail providers have implemented more secure requirements for access to a network or database because the requirements create an effective additional layer of control and security. The parties also note that, at the state level, large strides have been made to secure personal and private information from external threats, but less concrete action has been taken to improve the security of internal access beyond simple password protections and broad user restrictions. The parties contend that a study is needed on the feasibility of implementing more secure access requirements for accessing personal identifying information and sensitive personal information that is electronically stored by the state. S.B. 1878 seeks to establish a blueprint to ensure that sensitive information held by the state is protected to the fullest extent. 

 

CRIMINAL JUSTICE IMPACT

 

It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.

 

RULEMAKING AUTHORITY

 

It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.

 

ANALYSIS

 

S.B. 1878 requires the Department of Information Resources (DIR) to conduct a study to determine the feasibility of implementing new identification and access requirements for accessing certain information that is electronically stored by the state, including personal identifying information and sensitive personal information as those terms are defined by Business & Commerce Code provisions relating to the unauthorized use of identifying information. The bill requires DIR, in conducting the study, to collaborate with other agencies to consider the needs or concerns specific to those agencies. The bill requires the study to examine the relative costs and benefits of various forms of identification and access management, including multifactor authentication, and to develop a strategy by which DIR may most effectively negotiate for bulk purchase across agencies at the lowest cost to the state. The bill requires DIR, not later than November 30, 2016, to issue a written report to the governor, the lieutenant governor, and the speaker of the house of representatives that includes DIR's evaluation of the available identification and access management and multifactor authentication systems and programs, and that provides recommendations regarding DIR action or legislation that will secure sensitive information held by the state. The bill's provisions expire December 1, 2016.

 

 

 

EFFECTIVE DATE

 

September 1, 2015.