| 1 | 1 | | 88R4050 LRM-F |
|---|
| 2 | 2 | | By: Capriglione H.B. No. 984 |
|---|
| 3 | 3 | | |
|---|
| 4 | 4 | | |
|---|
| 5 | 5 | | A BILL TO BE ENTITLED |
|---|
| 6 | 6 | | AN ACT |
|---|
| 7 | 7 | | relating to the employment of a chief privacy officer in the |
|---|
| 8 | 8 | | Department of Information Resources. |
|---|
| 9 | 9 | | BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|---|
| 10 | 10 | | SECTION 1. Subchapter B, Chapter 2054, Government Code, is |
|---|
| 11 | 11 | | amended by adding Section 2054.0287 to read as follows: |
|---|
| 12 | 12 | | Sec. 2054.0287. CHIEF PRIVACY OFFICER. (a) The executive |
|---|
| 13 | 13 | | director shall employ a chief privacy officer to provide assistance |
|---|
| 14 | 14 | | to state agencies on legal and policy matters involving data |
|---|
| 15 | 15 | | privacy. The chief privacy officer shall: |
|---|
| 16 | 16 | | (1) conduct a biennial privacy review that compiles |
|---|
| 17 | 17 | | information about the data privacy practices of state agencies, |
|---|
| 18 | 18 | | including, for each agency, information about: |
|---|
| 19 | 19 | | (A) the specific privacy policies implemented; |
|---|
| 20 | 20 | | (B) the type of data collected; |
|---|
| 21 | 21 | | (C) how the data collected by the agency is |
|---|
| 22 | 22 | | obtained, shared, secured, stored, and discarded; |
|---|
| 23 | 23 | | (D) the persons with whom the agency shares the |
|---|
| 24 | 24 | | data; and |
|---|
| 25 | 25 | | (E) how the agency deidentifies or anonymizes the |
|---|
| 26 | 26 | | data; |
|---|
| 27 | 27 | | (2) develop and implement best practices among state |
|---|
| 28 | 28 | | agencies to ensure compliance with privacy laws; |
|---|
| 29 | 29 | | (3) provide state agencies and their employees with |
|---|
| 30 | 30 | | guidance related to best practices on data privacy; and |
|---|
| 31 | 31 | | (4) coordinate data protection in cooperation with the |
|---|
| 32 | 32 | | chief information officer and the chief data officer described by |
|---|
| 33 | 33 | | Sections 2054.0285 and 2054.0286, respectively. |
|---|
| 34 | 34 | | (b) Each state agency shall cooperate with the chief privacy |
|---|
| 35 | 35 | | officer in fulfilling the requirements of this section. |
|---|
| 36 | 36 | | (c) The chief privacy officer may assist local governments |
|---|
| 37 | 37 | | and the public with data privacy and protection concerns by: |
|---|
| 38 | 38 | | (1) developing and promoting the dissemination of best |
|---|
| 39 | 39 | | practices for the collection and storage of personally identifiable |
|---|
| 40 | 40 | | information, including establishing and conducting training |
|---|
| 41 | 41 | | programs for local governments; and |
|---|
| 42 | 42 | | (2) educating consumers about the use of personally |
|---|
| 43 | 43 | | identifiable information on mobile and digital networks and |
|---|
| 44 | 44 | | measures that can help protect the user's data. |
|---|
| 45 | 45 | | SECTION 2. As soon as practicable after the effective date |
|---|
| 46 | 46 | | of this Act, the executive director of the Department of |
|---|
| 47 | 47 | | Information Resources shall employ a chief privacy officer as |
|---|
| 48 | 48 | | required by Section 2054.0287, Government Code, as added by this |
|---|
| 49 | 49 | | Act. |
|---|
| 50 | 50 | | SECTION 3. This Act takes effect September 1, 2023. |
|---|