| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to the employment of a chief privacy officer in the |
|
|
Department of Information Resources. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Subchapter B, Chapter 2054, Government Code, is |
|
|
amended by adding Section 2054.0287 to read as follows: |
|
|
Sec. 2054.0287. CHIEF PRIVACY OFFICER. (a) The executive |
|
|
director shall employ a chief privacy officer to provide assistance |
|
|
to state agencies on legal and policy matters involving data |
|
|
privacy. The chief privacy officer shall: |
|
|
(1) conduct a biennial privacy review that compiles |
|
|
information about the data privacy practices of state agencies, |
|
|
including, for each agency, information about: |
|
|
(A) the specific privacy policies implemented; |
|
|
(B) the type of data collected; |
|
|
(C) how the data collected by the agency is |
|
|
obtained, shared, secured, stored, and discarded; |
|
|
(D) the persons with whom the agency shares the |
|
|
data; and |
|
|
(E) how the agency deidentifies or anonymizes the |
|
|
data; |
|
|
(2) develop and implement best practices among state |
|
|
agencies to ensure compliance with privacy laws; |
|
|
(3) provide state agencies and their employees with |
|
|
guidance related to best practices on data privacy; and |
|
|
(4) coordinate data protection in cooperation with the |
|
|
chief information officer and the chief data officer described by |
|
|
Sections 2054.0285 and 2054.0286, respectively. |
|
|
(b) Each state agency shall cooperate with the chief privacy |
|
|
officer in fulfilling the requirements of this section. |
|
|
(c) The chief privacy officer may assist local governments |
|
|
and the public with data privacy and protection concerns by: |
|
|
(1) developing and promoting the dissemination of best |
|
|
practices for the collection and storage of personally identifiable |
|
|
information, including establishing and conducting training |
|
|
programs for local governments; and |
|
|
(2) educating consumers about the use of personally |
|
|
identifiable information on mobile and digital networks and |
|
|
measures that can help protect the user's data. |
|
|
SECTION 2. As soon as practicable after the effective date |
|
|
of this Act, the executive director of the Department of |
|
|
Information Resources shall employ a chief privacy officer as |
|
|
required by Section 2054.0287, Government Code, as added by this |
|
|
Act. |
|
|
SECTION 3. This Act takes effect September 1, 2023. |