| 6 | 4 | | AN ACT |
|---|
| 7 | 5 | | relating to a study on the feasibility of implementing more secure |
|---|
| 8 | 6 | | access requirements for certain electronically stored information |
|---|
| 9 | 7 | | held by the state. |
|---|
| 10 | 8 | | BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|---|
| 11 | 9 | | SECTION 1. STUDY OF IDENTIFICATION AND ACCESS MANAGEMENT. |
|---|
| 12 | 10 | | The Department of Information Resources shall conduct a study to |
|---|
| 13 | 11 | | determine the feasibility of implementing new identification and |
|---|
| 14 | 12 | | access requirements for accessing certain information that is |
|---|
| 15 | 13 | | electronically stored by the state, including personal identifying |
|---|
| 16 | 14 | | information and sensitive personal information, as those terms are |
|---|
| 17 | 15 | | defined by Section 521.002, Business & Commerce Code. |
|---|
| 18 | 16 | | SECTION 2. COLLABORATION WITH OTHER AGENCIES. In |
|---|
| 19 | 17 | | conducting the study, the Department of Information Resources shall |
|---|
| 20 | 18 | | collaborate with other agencies to consider the needs or concerns |
|---|
| 21 | 19 | | specific to those agencies. |
|---|
| 22 | 20 | | SECTION 3. SCOPE OF STUDY. The study must: |
|---|
| 23 | 21 | | (1) examine the relative costs and benefits of various |
|---|
| 24 | 22 | | forms of identification and access management, including |
|---|
| 25 | 23 | | multifactor authentication; and |
|---|
| 26 | 24 | | (2) develop a strategy by which the Department of |
|---|
| 27 | 25 | | Information Resources may most effectively negotiate for bulk |
|---|
| 28 | 26 | | purchase across agencies at the lowest cost to the state. |
|---|
| 29 | 27 | | SECTION 4. REPORT AND RECOMMENDATIONS. (a) The Department |
|---|
| 30 | 28 | | of Information Resources shall issue a written report to the |
|---|
| 31 | 29 | | governor, the lieutenant governor, and the speaker of the house of |
|---|
| 32 | 30 | | representatives that includes the department's evaluation of the |
|---|
| 33 | 31 | | available identification and access management and multifactor |
|---|
| 34 | 32 | | authentication systems and programs and provides recommendations |
|---|
| 35 | 33 | | regarding department action or legislation that will secure |
|---|
| 36 | 34 | | sensitive information held by the state. |
|---|
| 37 | 35 | | (b) The report must be issued not later than November 30, |
|---|
| 38 | 36 | | 2016. |
|---|
| 39 | 37 | | SECTION 5. EXPIRATION. This Act expires December 1, 2016. |
|---|
| 40 | 38 | | SECTION 6. EFFECTIVE DATE. This Act takes effect September |
|---|
| 41 | 39 | | 1, 2015. |
|---|
| 40 | + | ______________________________ ______________________________ |
|---|
| 41 | + | President of the Senate Speaker of the House |
|---|
| 42 | + | I hereby certify that S.B. No. 1878 passed the Senate on |
|---|
| 43 | + | April 30, 2015, by the following vote: Yeas 31, Nays 0. |
|---|
| 44 | + | ______________________________ |
|---|
| 45 | + | Secretary of the Senate |
|---|
| 46 | + | I hereby certify that S.B. No. 1878 passed the House on |
|---|
| 47 | + | May 22, 2015, by the following vote: Yeas 139, Nays 1, two |
|---|
| 48 | + | present not voting. |
|---|
| 49 | + | ______________________________ |
|---|
| 50 | + | Chief Clerk of the House |
|---|
| 51 | + | Approved: |
|---|
| 52 | + | ______________________________ |
|---|
| 53 | + | Date |
|---|
| 54 | + | ______________________________ |
|---|
| 55 | + | Governor |
|---|