86R19459 ADM-D
By: Israel, Capriglione, Cain H.B. No. 1421
Substitute the following for H.B. No. 1421:
By: Klick C.S.H.B. No. 1421
A BILL TO BE ENTITLED
AN ACT
relating to cybersecurity of voter registration lists and other
election-related documents, systems, and technology.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Title 16, Election Code, is amended by adding
Chapter 279 to read as follows:
CHAPTER 279. CYBERSECURITY OF ELECTION SYSTEMS
Sec. 279.001. DEFINITIONS. In this chapter:
(1) "County election officer" means an individual
employed by a county as an elections administrator, voter
registrar, county clerk, or other officer with responsibilities
relating to the administration of elections.
(2) "Election data" means information that is created
or managed in the operation of an election system.
(3) "Election system" means a voting system and the
technology used to support the conduct of an election, including
the election data processed or produced in the course of conducting
an election, such as voter registration information, ballot
information, collected and tabulated votes, election management
processes and procedures, and other election-related documents and
election data.
Sec. 279.002. ELECTION CYBERSECURITY: SECRETARY OF STATE.
(a) The secretary of state shall adopt rules defining classes of
protected election data and establishing best practices for
identifying and reducing risk to the electronic use, storage, and
transmission of election data and the security of election systems.
(b) The secretary of state shall offer training on best
practices:
(1) on an annual basis, to all appropriate personnel
in the secretary of state's office; and
(2) on request, to county election officers in this
state.
(c) If the secretary of state becomes aware of a breach of
cybersecurity that impacts election data, the secretary shall
immediately notify the members of the standing committees of each
house of the legislature with jurisdiction over elections.
Sec. 279.003. ELECTION CYBERSECURITY: COUNTY ELECTION
OFFICERS. (a) A county election officer shall request training on
cybersecurity:
(1) from the secretary of state; and
(2) on an annual basis from another provider of
cybersecurity training, if the county election officer has
available state funds for that purpose.
(b) A county election officer shall request an assessment of
the cybersecurity of the county's election system from a provider
of cybersecurity assessments if the secretary of state recommends
an assessment and the necessary funds are available.
(c) If a county election officer becomes aware of a breach
of cybersecurity that impacts election data, the officer shall
immediately notify the secretary of state.
(d) To the extent that state funds are available for the
purpose, a county election officer shall implement cybersecurity
measures to ensure that all devices with access to election data
comply to the highest extent possible with rules adopted by the
secretary of state under Section 279.002.
SECTION 2. This Act takes effect September 1, 2019.