| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to a study on the feasibility of implementing more secure |
|
|
access requirements for electronically stored information held by |
|
|
the state. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. STUDY OF IDENTIFICATION AND ACCESS MANAGEMENT. |
|
|
The Department of Information Resources shall conduct a study to |
|
|
determine the feasibility of implementing new identification and |
|
|
access requirements for accessing certain information that is |
|
|
electronically stored by the state, including personal identifying |
|
|
information and sensitive personal information, as those terms are |
|
|
defined by Section 521.002, Business & Commerce Code. |
|
|
SECTION 2. COLLABORATION WITH OTHER AGENCIES. In |
|
|
conducting the study, the Department of Information Resources shall |
|
|
collaborate with other agencies to consider the needs or concerns |
|
|
specific to those agencies. |
|
|
SECTION 3. SCOPE OF STUDY. The study must: |
|
|
(1) examine the relative costs and benefits of various |
|
|
forms of identification and access management, including |
|
|
multifactor authentication; |
|
|
(2) evaluate various data loss and recovery systems or |
|
|
programs; |
|
|
(3) evaluate various security information and event |
|
|
management systems or programs; and |
|
|
(4) develop a strategy by which the Department of |
|
|
Information Resources may most effectively negotiate for the use of |
|
|
the preferred systems or programs across agencies at the lowest |
|
|
cost to the state. |
|
|
SECTION 4. REPORT AND RECOMMENDATIONS. (a) The Department |
|
|
of Information Resources shall issue a written report to the |
|
|
governor, the lieutenant governor, and the speaker of the house of |
|
|
representatives that includes the department's evaluation of the |
|
|
available systems and programs and provides recommendations |
|
|
regarding department action or legislation that will secure |
|
|
sensitive information held by the state and allow for the best |
|
|
response in the event any information is compromised. |
|
|
(b) The report must be issued not later than November 30, |
|
|
2016. |
|
|
SECTION 5. EXPIRATION. This Act expires December 1, 2016. |
|
|
SECTION 6. EFFECTIVE DATE. This Act takes effect September |
|
|
1, 2015. |