BILL ANALYSIS S.B. 1877 By: Zaffirini Government Transparency & Operation Committee Report (Unamended) BACKGROUND AND PURPOSE Interested parties note that nearly every state agency uses some form of data usage agreement that delineates an employee's duties and responsibilities regarding data access and usage. As cybersecurity threats evolve, these data usage agreements change by including new best practices that respond to the latest threats. The parties point out, however, that despite data user agreement changes, an employee typically signs and reviews a data usage agreement only once as part of the hiring process. Recent studies in data management and cybersecurity indicate that understanding new requirements or simply refreshing existing ones generally has a positive effect on employee awareness of duties and responsibilities related to data access and use. The current lack of a periodic renewal of data usage agreements used in state agencies suggests that employees who have worked in one position for a long time may not be aware of new or updated best practices. S.B. 1877 seeks to address this issue. CRIMINAL JUSTICE IMPACT It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision. RULEMAKING AUTHORITY It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution. ANALYSIS S.B. 1877 amends the Government Code to require each state agency to develop a data use agreement for use by the agency that meets the agency's particular needs and is consistent with Department of Information Resources rules relating to information security standards for state agencies. The bill requires a state agency to update the data use agreement at least biennially but authorizes an agency to update the agreement at any time as necessary to accommodate best practices in data management. The bill requires a state agency to distribute the data use agreement, and each update to that agreement, to the agency's employees and requires an agency employee to sign the data use agreement and each update to the agreement. The bill requires a state agency, to the extent possible, to provide agency employees with cybersecurity awareness training to coincide with the distribution of the data use agreement and each biennial update to that agreement. EFFECTIVE DATE September 1, 2015.
BILL ANALYSIS
# BILL ANALYSIS
S.B. 1877
By: Zaffirini
Government Transparency & Operation
Committee Report (Unamended)
S.B. 1877
By: Zaffirini
Government Transparency & Operation
Committee Report (Unamended)
BACKGROUND AND PURPOSE Interested parties note that nearly every state agency uses some form of data usage agreement that delineates an employee's duties and responsibilities regarding data access and usage. As cybersecurity threats evolve, these data usage agreements change by including new best practices that respond to the latest threats. The parties point out, however, that despite data user agreement changes, an employee typically signs and reviews a data usage agreement only once as part of the hiring process. Recent studies in data management and cybersecurity indicate that understanding new requirements or simply refreshing existing ones generally has a positive effect on employee awareness of duties and responsibilities related to data access and use. The current lack of a periodic renewal of data usage agreements used in state agencies suggests that employees who have worked in one position for a long time may not be aware of new or updated best practices. S.B. 1877 seeks to address this issue.
CRIMINAL JUSTICE IMPACT It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.
RULEMAKING AUTHORITY It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.
ANALYSIS S.B. 1877 amends the Government Code to require each state agency to develop a data use agreement for use by the agency that meets the agency's particular needs and is consistent with Department of Information Resources rules relating to information security standards for state agencies. The bill requires a state agency to update the data use agreement at least biennially but authorizes an agency to update the agreement at any time as necessary to accommodate best practices in data management. The bill requires a state agency to distribute the data use agreement, and each update to that agreement, to the agency's employees and requires an agency employee to sign the data use agreement and each update to the agreement. The bill requires a state agency, to the extent possible, to provide agency employees with cybersecurity awareness training to coincide with the distribution of the data use agreement and each biennial update to that agreement.
EFFECTIVE DATE September 1, 2015.
BACKGROUND AND PURPOSE
Interested parties note that nearly every state agency uses some form of data usage agreement that delineates an employee's duties and responsibilities regarding data access and usage. As cybersecurity threats evolve, these data usage agreements change by including new best practices that respond to the latest threats. The parties point out, however, that despite data user agreement changes, an employee typically signs and reviews a data usage agreement only once as part of the hiring process. Recent studies in data management and cybersecurity indicate that understanding new requirements or simply refreshing existing ones generally has a positive effect on employee awareness of duties and responsibilities related to data access and use. The current lack of a periodic renewal of data usage agreements used in state agencies suggests that employees who have worked in one position for a long time may not be aware of new or updated best practices. S.B. 1877 seeks to address this issue.
CRIMINAL JUSTICE IMPACT
It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.
RULEMAKING AUTHORITY
It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.
ANALYSIS
S.B. 1877 amends the Government Code to require each state agency to develop a data use agreement for use by the agency that meets the agency's particular needs and is consistent with Department of Information Resources rules relating to information security standards for state agencies. The bill requires a state agency to update the data use agreement at least biennially but authorizes an agency to update the agreement at any time as necessary to accommodate best practices in data management. The bill requires a state agency to distribute the data use agreement, and each update to that agreement, to the agency's employees and requires an agency employee to sign the data use agreement and each update to the agreement. The bill requires a state agency, to the extent possible, to provide agency employees with cybersecurity awareness training to coincide with the distribution of the data use agreement and each biennial update to that agreement.
EFFECTIVE DATE
September 1, 2015.