82R9740 KEL-F
By: Thompson H.B. No. 3219
A BILL TO BE ENTITLED
AN ACT
relating to intelligence data standards and protected personal
information.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Chapter 421, Government Code, is amended by
adding Subchapter E-1 to read as follows:
SUBCHAPTER E-1. CRIMINAL INTELLIGENCE SYSTEMS
Sec. 421.101. DEFINITIONS. In this subchapter:
(1) "Biometric information" means DNA, iris or retinal
scans, palm telemetry, photographs, or facial recognition
measurements or any other biometric measurements. The term does
not include a thumbprint or signature.
(2) "Criminal intelligence system" means:
(A) the arrangements, equipment, facilities, and
procedures used for the receipt, storage, interagency exchange,
dissemination, and analysis of criminal intelligence data; or
(B) any entity whose mission includes
collecting, analyzing, or sharing intelligence data and other data
for law enforcement or homeland security purposes, including the
Texas Fusion Center operated by the Department of Public Safety and
all regional fusion centers in this state.
(3) "Noncriminal information" means any data about
persons, organizations, events, incidents, or objects, regardless
of the medium in which the information exists, where no reasonable
suspicion exists that a criminal activity is occurring or is about
to occur.
(4) "Personally identifiable information" means all
personal data and any data element or combination of data elements
that identifies or could be used to identify an individual,
including:
(A) an individual's:
(i) name;
(ii) date of birth;
(iii) address of residence;
(iv) electronic password;
(v) unique account number;
(vi) telephone number;
(vii) biometric information;
(viii) photograph or a description of a
tattoo;
(ix) e-mail address;
(x) Internet Protocol address; or
(xi) web address; or
(B) any other unique identifier of the
individual.
(5) "Protected health information" means any
information about health status, provision of health care, or
payment for health care services that can be linked to a specific
individual.
Sec. 421.102. REASONABLE SUSPICION DEFINED. For purposes
of this subchapter, reasonable suspicion is established only when
information exists that establishes sufficient facts to give a
trained law enforcement or criminal justice agency officer,
investigator, or employee a basis to believe that there is a
reasonable possibility that an individual or organization is
involved in a definable criminal activity or enterprise.
Sec. 421.103. CONDITIONS FOR TREATMENT OF INTELLIGENCE DATA
AND NONCRIMINAL INFORMATION. (a) Any law enforcement or criminal
justice agency, including a criminal intelligence system, that
reviews, collects, submits, disseminates, discloses, or maintains
intelligence data shall:
(1) review, collect, and maintain intelligence data or
noncriminal information concerning an individual or organization
only if:
(A) reasonable suspicion exists that the
individual or organization is involved in criminal conduct or
activity; and
(B) the information is relevant to that criminal
conduct or activity;
(2) disseminate intelligence data only where there is
a need to know and a right to know the information in the
performance of a law enforcement activity;
(3) disseminate intelligence data only to a law
enforcement authority that agrees to follow procedures regarding
information receipt, maintenance, security, and dissemination that
are consistent with the receipt, maintenance, security, and
dissemination limitations, requirements, and procedures applicable
to a criminal intelligence system;
(4) provide notice to submitting criminal justice
agencies, law enforcement agencies, or criminal intelligence
systems or other submitting individuals before initiating formal
information exchange procedures with any federal, state, or
regional information system;
(5) require any agency submitting data to maintain in
its agency files documentation of each submission and to make that
documentation available for reasonable audit and inspection by the
attorney general;
(6) adopt policies regarding screening, rejecting for
employment, transferring, or removing personnel authorized to have
direct access to intelligence data;
(7) adopt, implement, and maintain procedures to
ensure the maximum feasible security, confidentiality, and
integrity of personally identifiable information and similar data,
including labeling that data to indicate:
(A) levels of sensitivity of the data;
(B) levels of confidence in the data; and
(C) the identity of a submitting criminal justice
agency, law enforcement agency, or criminal intelligence system or
other submitting individual;
(8)(A) adopt, implement, and maintain written
information security programs governing the collection, use,
dissemination, storage, retention, and destruction of personally
identifiable information and similar data;
(B) ensure that criminal intelligence and other
information is securely stored and protected against unauthorized
access, destruction, use, modification, disclosure, or loss; and
(C) destroy the information as soon as it is no
longer needed; and
(9) adopt policies and operating procedures
implementing all other applicable requirements under state or
federal law.
(b) Subsection (a)(3) does not limit the dissemination of an
assessment of intelligence data to a government official or to any
other individual if necessary to avoid imminent danger to life or
property.
(c) An information security program under Subsection
(a)(8)(A) must:
(1) address, without limitation, administrative,
technical, and physical safeguards;
(2) include sanctions for unauthorized access, use, or
disclosure of information stored and maintained in a criminal
intelligence system; and
(3) comply with all federal and state privacy and
information security laws and regulations, including Chapter 552.
Sec. 421.104. COLLECTION OF CERTAIN INTELLIGENCE DATA AND
NONCRIMINAL INFORMATION PROHIBITED. An agency described by Section
421.103(a), including a criminal intelligence system, may not:
(1) review, collect, or maintain noncriminal
information or criminal intelligence data about the political,
religious, or social views, associations, military history, or
activities of any individual or any group, association,
corporation, business, partnership, or other organization unless
the information directly relates to criminal conduct or activity
and reasonable suspicion exists that the subject of the information
is or may be involved in criminal conduct or activity; or
(2) review, collect, or maintain protected health
information, biometric information, or personally identifiable
information unless the information directly relates to criminal
conduct or activity and reasonable suspicion exists that the
subject of the information is or may be involved in criminal conduct
or activity.
Sec. 421.105. REPORT. (a) Not later than September 1 of
each year, any law enforcement or criminal justice agency described
by Section 421.103(a), including a criminal intelligence system,
shall submit reports to the standing committees of each house of the
legislature with primary jurisdiction over criminal justice. Each
standing committee may hold a joint hearing to evaluate the reports
of those agencies and may invite testimony by the agencies for that
purpose.
(b) A report under this section must include:
(1) a list of all agencies requesting or submitting
information or intelligence to the entity in question;
(2) a summary of any audit or review the entity
underwent during the preceding year and, if the audit or review was
performed for a criminal intelligence system, a summary of the
methods used to investigate, evaluate, and analyze the operations
of that system;
(3) the total number of requests for and responses to
requests for information or intelligence; and
(4) all complaints received by the entity in relation
to information collection.
Sec. 421.106. OVERSIGHT. (a) The attorney general or a
designated employee of the attorney general shall provide oversight
of the data and privacy protection function of criminal
intelligence systems operating in this state, including the Texas
Fusion Center, with regard to the collection, maintenance, and
storage of personally identifiable information or intelligence
data and any disclosure, transfer, or dissemination of that
information or data.
(b) The attorney general or designee shall investigate,
evaluate, and analyze the operations of criminal intelligence
systems in this state, including the procedures of those systems,
both as written and in practice, for:
(1) collecting data;
(2) protecting the privacy and security of personally
identifiable information;
(3) responding to requests for information under
Chapter 552; and
(4) ensuring that the activities of criminal
intelligence systems do not infringe on the rights of freedom of
assembly, association, and expression guaranteed by the United
States Constitution and the Texas Constitution.
(c) The attorney general or designee shall examine the
compliance of each criminal intelligence system in this state with
this subchapter.
(d) The attorney general or designee shall examine the
involvement of entities other than law enforcement or criminal
justice agencies in criminal intelligence system activities and
shall assess the impact of that involvement on the data and privacy
protection function of criminal intelligence systems in this state.
Sec. 421.107. OVERSIGHT BOARD. (a) Each criminal
intelligence system in this state shall establish and maintain an
oversight board.
(b) The members of an oversight board established under this
section must include:
(1) representatives from industry, law enforcement,
and other related fields; and
(2) at least one privacy advocate.
Sec. 421.108. LIMITATIONS ON DISCLOSURE OF INFORMATION.
Information subject to regulation by this subchapter may not be
disclosed under Chapter 552 if the disclosure would:
(1) interfere with an ongoing criminal investigation
or other law enforcement proceeding;
(2) constitute a clearly unwarranted invasion of
personal privacy;
(3) disclose the identity of a confidential source; or
(4) endanger the life or physical safety of any
individual.
SECTION 2. Subchapter F, Chapter 421, Government Code, is
redesignated as Subchapter G, Chapter 421, Government Code, and
amended to read as follows:
SUBCHAPTER G [F]. GOVERNOR'S INTEROPERABLE RADIO COMMUNICATIONS
PROGRAM
Sec. 421.121 [421.095]. DEFINITIONS. In this subchapter:
(1) "First responder" means a public safety employee
or volunteer whose duties include responding rapidly to an
emergency. The term includes:
(A) a peace officer whose duties include
responding rapidly to an emergency;
(B) fire protection personnel under Section
419.021;
(C) a volunteer firefighter who is:
(i) certified by the Texas Commission on
Fire Protection or by the State Firemen's and Fire Marshalls'
Association of Texas; or
(ii) a member of an organized volunteer
fire-fighting unit as described by Section 615.003; and
(D) an individual certified as emergency medical
services personnel by the Department of State Health Services.
(2) "Infrastructure equipment" means the underlying
permanent equipment required to establish interoperable
communication between radio systems used by local, state, and
federal agencies and first responders.
Sec. 421.122 [421.096]. INTEROPERABILITY OF RADIO SYSTEMS.
The office of the governor shall:
(1) develop and administer a strategic plan to design
and implement a statewide integrated public safety radio
communications system that promotes interoperability within and
between local, state, and federal agencies and first responders;
(2) develop and administer a plan in accordance with
Subdivision (1) to purchase infrastructure equipment for state and
local agencies and first responders;
(3) advise representatives of entities in this state
that are involved in homeland security activities with respect to
interoperability; and
(4) use appropriated money, including money from
relevant federal homeland security grants, for the purposes of
designing, implementing, and maintaining a statewide integrated
public safety radio communications system.
Sec. 421.123 [421.097]. ASSISTANCE. The office of the
governor may consult with a representative of an entity described
by Section 421.122(3) [421.096(3)] to obtain assistance or
information necessary for the performance of any duty under this
subchapter.
Sec. 421.124 [421.098]. REPORT. Not later than September 1
of each year, the office of the governor shall provide to the
legislature a report on the status of its duties under this
subchapter.
SECTION 3. Section 74.151(a), Civil Practice and Remedies
Code, is amended to read as follows:
(a) A person who in good faith administers emergency care is
not liable in civil damages for an act performed during the
emergency unless the act is wilfully or wantonly negligent,
including a person who:
(1) administers emergency care using an automated
external defibrillator; or
(2) administers emergency care as a volunteer who is a
first responder as the term is defined under Section 421.121
[421.095], Government Code.
SECTION 4. This Act takes effect immediately if it receives
a vote of two-thirds of all the members elected to each house, as
provided by Section 39, Article III, Texas Constitution. If this
Act does not receive the vote necessary for immediate effect, this
Act takes effect September 1, 2011.