|
|
|
A BILL TO BE ENTITLED
|
|
AN ACT
|
|
relating to the requirement that state agencies notify the |
|
Department of Information Resources in the event of a breach of |
|
system security or unauthorized exposure of certain information. |
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
SECTION 1. Section 2054.1125(b), Government Code, is |
|
amended to read as follows: |
|
(b) A state agency that owns, licenses, or maintains |
|
computerized data that includes sensitive personal information, |
|
confidential information, or information the disclosure of which is |
|
regulated by law shall, in the event of a suspected breach or breach |
|
of system security or an unauthorized exposure of that information: |
|
(1) comply[, in the event of a breach of system
|
|
security,] with the notification requirements of Section 521.053, |
|
Business & Commerce Code, to the same extent as a person who |
|
conducts business in this state; and |
|
(2) notify the department, including the chief |
|
information security officer and the state cybersecurity |
|
coordinator, not later than 48 hours after the suspected breach, |
|
breach, or unauthorized exposure. |
|
SECTION 2. This Act takes effect September 1, 2017. |