88R4050 LRM-F
 
  By: Capriglione H.B. No. 984
 
 
 
A BILL TO BE ENTITLED
 
AN ACT
  relating to the employment of a chief privacy officer in the
  Department of Information Resources.
         BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         SECTION 1.  Subchapter B, Chapter 2054, Government Code, is
  amended by adding Section 2054.0287 to read as follows:
         Sec. 2054.0287.  CHIEF PRIVACY OFFICER. (a) The executive
  director shall employ a chief privacy officer to provide assistance
  to state agencies on legal and policy matters involving data
  privacy.  The chief privacy officer shall:
               (1)  conduct a biennial privacy review that compiles
  information about the data privacy practices of state agencies,
  including, for each agency, information about:
                     (A)  the specific privacy policies implemented;
                     (B)  the type of data collected;
                     (C)  how the data collected by the agency is
  obtained, shared, secured, stored, and discarded;
                     (D)  the persons with whom the agency shares the
  data; and
                     (E)  how the agency deidentifies or anonymizes the
  data;
               (2)  develop and implement best practices among state
  agencies to ensure compliance with privacy laws;
               (3)  provide state agencies and their employees with
  guidance related to best practices on data privacy; and
               (4)  coordinate data protection in cooperation with the
  chief information officer and the chief data officer described by
  Sections 2054.0285 and 2054.0286, respectively.
         (b)  Each state agency shall cooperate with the chief privacy
  officer in fulfilling the requirements of this section.
         (c)  The chief privacy officer may assist local governments
  and the public with data privacy and protection concerns by:
               (1)  developing and promoting the dissemination of best
  practices for the collection and storage of personally identifiable
  information, including establishing and conducting training
  programs for local governments; and
               (2)  educating consumers about the use of personally
  identifiable information on mobile and digital networks and
  measures that can help protect the user's data.
         SECTION 2.  As soon as practicable after the effective date
  of this Act, the executive director of the Department of
  Information Resources shall employ a chief privacy officer as
  required by Section 2054.0287, Government Code, as added by this
  Act.
         SECTION 3.  This Act takes effect September 1, 2023.