85R7377 AAF-D
By: Shaheen H.B. No. 3671
A BILL TO BE ENTITLED
AN ACT
relating to the requirement that state agencies notify the
Department of Information Resources in the event of a breach of
system security or unauthorized exposure of certain information.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Section 2054.1125(b), Government Code, is
amended to read as follows:
(b) A state agency that owns, licenses, or maintains
computerized data that includes sensitive personal information,
confidential information, or information the disclosure of which is
regulated by law shall, in the event of a suspected breach or breach
of system security or an unauthorized exposure of that information:
(1) comply[, in the event of a breach of system
security,] with the notification requirements of Section 521.053,
Business & Commerce Code, to the same extent as a person who
conducts business in this state; and
(2) notify the department, including the chief
information security officer and the state cybersecurity
coordinator, not later than 48 hours after the suspected breach,
breach, or unauthorized exposure.
SECTION 2. This Act takes effect September 1, 2017.