BILL ANALYSIS
|
Senate Research Center |
H.B. 3112 |
|
|
By: Tepper et al. (Perry) |
|
|
Business & Commerce |
|
|
5/12/2025 |
|
|
Engrossed |
AUTHOR'S / SPONSOR'S STATEMENT OF INTENT
Cyber attacks can compromise the confidentiality, integrity, and availability of public records and meetings, posing a significant threat to transparency and accountability in government operations. H.B. 3112 ensures that a governmental body is not required to conduct an open meeting to deliberate a cybersecurity measure, policy, or contract solely intended to protect a critical infrastructure facility located in the jurisdiction of the governmental body. The bill also excepts certain cybersecurity information from public disclosure.
H.B. 3112 amends current law relating to the application of the open meetings law and public information law to government information related to certain cybersecurity measures.
RULEMAKING AUTHORITY
This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.
SECTION BY SECTION ANALYSIS
SECTION 1. Amends Subchapter D, Chapter 551, by adding Section 551.0761, as follows:
Sec. 551.0761. DELIBERATION REGARDING CRITICAL INFRASTRUCTURE FACILITY; CLOSED MEETING. (a) Defines "critical infrastructure facility" and "cybersecurity."
(b) Provides that Chapter 551 (Open Meetings) does not require a governmental body to conduct an open meeting to deliberate a cybersecurity measure, policy, or contract solely intended to protect a critical infrastructure facility located in the jurisdiction of the governmental body.
SECTION 2. Amends Subchapter C, Chapter 552, Government Code, by adding Section 552.1391, as follows:
Sec. 552.1391. EXCEPTION: CONFIDENTIALITY OF CYBERSECURITY MEASURES. (a) Defines "critical infrastructure facility" and "cybersecurity."
(b) Provides that information is excepted from the requirements of Section 552.021 (Availability of Public Information) if it is information that relates to certain subjects.
(c) Authorizes a governmental body to disclose information made confidential by this section to comply with applicable state or federal law or a court order. Requires a governmental body that is required to disclose information described by Subsection (b), not later than the fifth business day before the date the information is required to be disclosed, to provide notice of the required disclosure to the person or third party who owns the critical infrastructure facility or, in the event immediate disclosure is required, notify in writing the person or third party as soon as practicable but not later than the fifth business day after the information is disclosed and retain all existing labeling on the information being disclosed describing such information as confidential or privileged.
SECTION 3. Effective date: upon passage or September 1, 2025.