BILL ANALYSIS S.B. 1878 By: Zaffirini Government Transparency & Operation Committee Report (Unamended) BACKGROUND AND PURPOSE Interested parties note that many businesses and e-mail providers have implemented more secure requirements for access to a network or database because the requirements create an effective additional layer of control and security. The parties also note that, at the state level, large strides have been made to secure personal and private information from external threats, but less concrete action has been taken to improve the security of internal access beyond simple password protections and broad user restrictions. The parties contend that a study is needed on the feasibility of implementing more secure access requirements for accessing personal identifying information and sensitive personal information that is electronically stored by the state. S.B. 1878 seeks to establish a blueprint to ensure that sensitive information held by the state is protected to the fullest extent. CRIMINAL JUSTICE IMPACT It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision. RULEMAKING AUTHORITY It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution. ANALYSIS S.B. 1878 requires the Department of Information Resources (DIR) to conduct a study to determine the feasibility of implementing new identification and access requirements for accessing certain information that is electronically stored by the state, including personal identifying information and sensitive personal information as those terms are defined by Business & Commerce Code provisions relating to the unauthorized use of identifying information. The bill requires DIR, in conducting the study, to collaborate with other agencies to consider the needs or concerns specific to those agencies. The bill requires the study to examine the relative costs and benefits of various forms of identification and access management, including multifactor authentication, and to develop a strategy by which DIR may most effectively negotiate for bulk purchase across agencies at the lowest cost to the state. The bill requires DIR, not later than November 30, 2016, to issue a written report to the governor, the lieutenant governor, and the speaker of the house of representatives that includes DIR's evaluation of the available identification and access management and multifactor authentication systems and programs, and that provides recommendations regarding DIR action or legislation that will secure sensitive information held by the state. The bill's provisions expire December 1, 2016. EFFECTIVE DATE September 1, 2015.
BILL ANALYSIS
# BILL ANALYSIS
S.B. 1878
By: Zaffirini
Government Transparency & Operation
Committee Report (Unamended)
S.B. 1878
By: Zaffirini
Government Transparency & Operation
Committee Report (Unamended)
BACKGROUND AND PURPOSE Interested parties note that many businesses and e-mail providers have implemented more secure requirements for access to a network or database because the requirements create an effective additional layer of control and security. The parties also note that, at the state level, large strides have been made to secure personal and private information from external threats, but less concrete action has been taken to improve the security of internal access beyond simple password protections and broad user restrictions. The parties contend that a study is needed on the feasibility of implementing more secure access requirements for accessing personal identifying information and sensitive personal information that is electronically stored by the state. S.B. 1878 seeks to establish a blueprint to ensure that sensitive information held by the state is protected to the fullest extent.
CRIMINAL JUSTICE IMPACT It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.
RULEMAKING AUTHORITY It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.
ANALYSIS S.B. 1878 requires the Department of Information Resources (DIR) to conduct a study to determine the feasibility of implementing new identification and access requirements for accessing certain information that is electronically stored by the state, including personal identifying information and sensitive personal information as those terms are defined by Business & Commerce Code provisions relating to the unauthorized use of identifying information. The bill requires DIR, in conducting the study, to collaborate with other agencies to consider the needs or concerns specific to those agencies. The bill requires the study to examine the relative costs and benefits of various forms of identification and access management, including multifactor authentication, and to develop a strategy by which DIR may most effectively negotiate for bulk purchase across agencies at the lowest cost to the state. The bill requires DIR, not later than November 30, 2016, to issue a written report to the governor, the lieutenant governor, and the speaker of the house of representatives that includes DIR's evaluation of the available identification and access management and multifactor authentication systems and programs, and that provides recommendations regarding DIR action or legislation that will secure sensitive information held by the state. The bill's provisions expire December 1, 2016.
EFFECTIVE DATE September 1, 2015.
BACKGROUND AND PURPOSE
Interested parties note that many businesses and e-mail providers have implemented more secure requirements for access to a network or database because the requirements create an effective additional layer of control and security. The parties also note that, at the state level, large strides have been made to secure personal and private information from external threats, but less concrete action has been taken to improve the security of internal access beyond simple password protections and broad user restrictions. The parties contend that a study is needed on the feasibility of implementing more secure access requirements for accessing personal identifying information and sensitive personal information that is electronically stored by the state. S.B. 1878 seeks to establish a blueprint to ensure that sensitive information held by the state is protected to the fullest extent.
CRIMINAL JUSTICE IMPACT
It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.
RULEMAKING AUTHORITY
It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.
ANALYSIS
S.B. 1878 requires the Department of Information Resources (DIR) to conduct a study to determine the feasibility of implementing new identification and access requirements for accessing certain information that is electronically stored by the state, including personal identifying information and sensitive personal information as those terms are defined by Business & Commerce Code provisions relating to the unauthorized use of identifying information. The bill requires DIR, in conducting the study, to collaborate with other agencies to consider the needs or concerns specific to those agencies. The bill requires the study to examine the relative costs and benefits of various forms of identification and access management, including multifactor authentication, and to develop a strategy by which DIR may most effectively negotiate for bulk purchase across agencies at the lowest cost to the state. The bill requires DIR, not later than November 30, 2016, to issue a written report to the governor, the lieutenant governor, and the speaker of the house of representatives that includes DIR's evaluation of the available identification and access management and multifactor authentication systems and programs, and that provides recommendations regarding DIR action or legislation that will secure sensitive information held by the state. The bill's provisions expire December 1, 2016.
EFFECTIVE DATE
September 1, 2015.