This website will be unavailable from Thursday, May 30, 2024 at 6:00 p.m. through Monday, June 3, 2024 at 7:00 a.m. due to data center maintenance.

 
 
  S.B. No. 820
 
 
 
 
AN ACT
  relating to a requirement that a school district adopt a
  cybersecurity policy.
         BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         SECTION 1.  Subchapter D, Chapter 11, Education Code, is
  amended by adding Section 11.175 to read as follows:
         Sec. 11.175.  DISTRICT CYBERSECURITY. (a)  In this section:
         (1)  "Breach of system security" means an incident in which
  student information that is sensitive, protected, or confidential,
  as provided by state or federal law, is stolen or copied,
  transmitted, viewed, or used by a person unauthorized to engage in
  that action.
               (2)  "Cyber attack" means an attempt to damage,
  disrupt, or gain unauthorized access to a computer, computer
  network, or computer system.
               (3)  "Cybersecurity" means the measures taken to
  protect a computer, computer network, or computer system against
  unauthorized use or access.
         (b)  Each school district shall adopt a cybersecurity policy
  to:
               (1)  secure district cyberinfrastructure against cyber
  attacks and other cybersecurity incidents; and
               (2)  determine cybersecurity risk and implement
  mitigation planning.
         (c)  A school district's cybersecurity policy may not
  conflict with the information security standards for institutions
  of higher education adopted by the Department of Information
  Resources under Chapters 2054 and 2059, Government Code.
         (d)  The superintendent of each school district shall
  designate a cybersecurity coordinator to serve as a liaison between
  the district and the agency in cybersecurity matters.
         (e)  The district's cybersecurity coordinator shall report
  to the agency any cyber attack or other cybersecurity incident
  against the district cyberinfrastructure that constitutes a breach
  of system security as soon as practicable after the discovery of the
  attack or incident.
         (f)  The district's cybersecurity coordinator shall provide
  notice to a parent of or person standing in parental relation to a
  student enrolled in the district of an attack or incident for which
  a report is required under Subsection (e) involving the student's
  information.
         SECTION 2.  This Act takes effect September 1, 2019.
 
 
 
 
 
 
  ______________________________ ______________________________
     President of the Senate Speaker of the House     
 
         I hereby certify that S.B. No. 820 passed the Senate on
  April 26, 2019, by the following vote: Yeas 30, Nays 0; and that
  the Senate concurred in House amendments on May 25, 2019, by the
  following vote: Yeas 30, Nays 0.
 
 
  ______________________________
  Secretary of the Senate    
 
         I hereby certify that S.B. No. 820 passed the House, with
  amendments, on May 22, 2019, by the following vote: Yeas 133,
  Nays 10, two present not voting.
 
 
  ______________________________
  Chief Clerk of the House   
 
 
 
  Approved:
 
  ______________________________ 
              Date
 
 
  ______________________________ 
            Governor