84R11310 DDT-D
By: Zaffirini S.B. No. 1878
A BILL TO BE ENTITLED
AN ACT
relating to a study on the feasibility of implementing more secure
access requirements for electronically stored information held by
the state.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. STUDY OF IDENTIFICATION AND ACCESS MANAGEMENT.
The Department of Information Resources shall conduct a study to
determine the feasibility of implementing new identification and
access requirements for accessing certain information that is
electronically stored by the state, including personal identifying
information and sensitive personal information, as those terms are
defined by Section 521.002, Business & Commerce Code.
SECTION 2. COLLABORATION WITH OTHER AGENCIES. In
conducting the study, the Department of Information Resources shall
collaborate with other agencies to consider the needs or concerns
specific to those agencies.
SECTION 3. SCOPE OF STUDY. The study must:
(1) examine the relative costs and benefits of various
forms of identification and access management, including
multifactor authentication;
(2) evaluate various data loss and recovery systems or
programs;
(3) evaluate various security information and event
management systems or programs; and
(4) develop a strategy by which the Department of
Information Resources may most effectively negotiate for the use of
the preferred systems or programs across agencies at the lowest
cost to the state.
SECTION 4. REPORT AND RECOMMENDATIONS. (a) The Department
of Information Resources shall issue a written report to the
governor, the lieutenant governor, and the speaker of the house of
representatives that includes the department's evaluation of the
available systems and programs and provides recommendations
regarding department action or legislation that will secure
sensitive information held by the state and allow for the best
response in the event any information is compromised.
(b) The report must be issued not later than November 30,
2016.
SECTION 5. EXPIRATION. This Act expires December 1, 2016.
SECTION 6. EFFECTIVE DATE. This Act takes effect September
1, 2015.