| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to cybersecurity of voter registration lists and other |
|
|
election-related documents, systems, and technology. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Title 16, Election Code, is amended by adding |
|
|
Chapter 279 to read as follows: |
|
|
CHAPTER 279. CYBERSECURITY OF ELECTION SYSTEMS |
|
|
Sec. 279.001. DEFINITIONS. In this chapter: |
|
|
(1) "County election officer" means an individual |
|
|
employed by a county as an elections administrator, voter |
|
|
registrar, county clerk, or other officer with responsibilities |
|
|
relating to the administration of elections. |
|
|
(2) "Election data" means information that is created |
|
|
or managed in the operation of an election system. |
|
|
(3) "Election system" means a voting system and the |
|
|
technology used to support the conduct of an election, including |
|
|
the election data processed or produced in the course of conducting |
|
|
an election, such as voter registration information, ballot |
|
|
information, collected and tabulated votes, election management |
|
|
processes and procedures, and other election-related documents and |
|
|
election data. |
|
|
Sec. 279.002. ELECTION CYBERSECURITY: SECRETARY OF STATE. |
|
|
(a) The secretary of state shall adopt rules defining classes of |
|
|
protected election data and establishing best practices for |
|
|
identifying and reducing risk to the electronic use, storage, and |
|
|
transmission of election data and the security of election systems. |
|
|
(b) The secretary of state shall offer training on best |
|
|
practices: |
|
|
(1) on an annual basis, to all appropriate personnel |
|
|
in the secretary of state's office; and |
|
|
(2) on request, to county election officers in this |
|
|
state. |
|
|
(c) If the secretary of state becomes aware of a breach of |
|
|
cybersecurity that impacts election data, the secretary shall |
|
|
immediately notify the members of the standing committees of each |
|
|
house of the legislature with jurisdiction over elections. |
|
|
Sec. 279.003. ELECTION CYBERSECURITY: COUNTY ELECTION |
|
|
OFFICERS. (a) A county election officer shall request training on |
|
|
cybersecurity: |
|
|
(1) from the secretary of state; and |
|
|
(2) on an annual basis from another provider of |
|
|
cybersecurity training, if the county election officer has |
|
|
available state funds for that purpose. |
|
|
(b) A county election officer shall request an assessment of |
|
|
the cybersecurity of the county's election system from a provider |
|
|
of cybersecurity assessments if the secretary of state recommends |
|
|
an assessment and the necessary funds are available. |
|
|
(c) If a county election officer becomes aware of a breach |
|
|
of cybersecurity that impacts election data, the officer shall |
|
|
immediately notify the secretary of state. |
|
|
(d) To the extent that state funds are available for the |
|
|
purpose, a county election officer shall implement cybersecurity |
|
|
measures to ensure that all devices with access to election data |
|
|
comply to the highest extent possible with rules adopted by the |
|
|
secretary of state under Section 279.002. |
|
|
SECTION 2. This Act takes effect September 1, 2019. |