LEGISLATIVE BUDGET BOARD Austin, Texas FISCAL NOTE, 88TH LEGISLATIVE REGULAR SESSION March 29, 2023 TO: Honorable Charles Schwertner, Chair, Senate Committee on Business & Commerce FROM: Jerry McGinty, Director, Legislative Budget Board IN RE: SB1204 by Paxton (Relating to state and local government information technology infrastructure, information security, and data breach and exposure reporting.), As Introduced No significant fiscal implication to the State is anticipated. The bill would amend Government Code Sec. 2054.068, requiring the Department of Information Resources (DIR) to rate the security maturity of state agencies. It would also authorize DIR to audit agencies with certain ratings and make recommendations for improvements. The bill would amend Government Code Sec. 2054.0594 to allow, but not require, DIR to establish an interstate information sharing and analysis organization (ISAO) to provide a forum for states to share information regarding cybersecurity threats, best practices, and remediation strategies.The bill would modify the use of the Technology Improvement and Modernization Fund. It is assumed that any costs associated with the bill could be absorbed using existing resources. Local Government ImpactThe bill would require local government entities to report security incidents to DIR. Is is assumed that any costs associated with this reporting process could be absorbed using existing resources. Source Agencies: b > td > 313 Department of Information Resources LBB Staff: b > td > JMc, SZ, LCO, CSmi, NV
LEGISLATIVE BUDGET BOARD
Austin, Texas
FISCAL NOTE, 88TH LEGISLATIVE REGULAR SESSION
March 29, 2023
TO: Honorable Charles Schwertner, Chair, Senate Committee on Business & Commerce FROM: Jerry McGinty, Director, Legislative Budget Board IN RE: SB1204 by Paxton (Relating to state and local government information technology infrastructure, information security, and data breach and exposure reporting.), As Introduced
TO: Honorable Charles Schwertner, Chair, Senate Committee on Business & Commerce
FROM: Jerry McGinty, Director, Legislative Budget Board
IN RE: SB1204 by Paxton (Relating to state and local government information technology infrastructure, information security, and data breach and exposure reporting.), As Introduced
Honorable Charles Schwertner, Chair, Senate Committee on Business & Commerce
Honorable Charles Schwertner, Chair, Senate Committee on Business & Commerce
Jerry McGinty, Director, Legislative Budget Board
Jerry McGinty, Director, Legislative Budget Board
SB1204 by Paxton (Relating to state and local government information technology infrastructure, information security, and data breach and exposure reporting.), As Introduced
SB1204 by Paxton (Relating to state and local government information technology infrastructure, information security, and data breach and exposure reporting.), As Introduced
No significant fiscal implication to the State is anticipated.
No significant fiscal implication to the State is anticipated.
The bill would amend Government Code Sec. 2054.068, requiring the Department of Information Resources (DIR) to rate the security maturity of state agencies. It would also authorize DIR to audit agencies with certain ratings and make recommendations for improvements. The bill would amend Government Code Sec. 2054.0594 to allow, but not require, DIR to establish an interstate information sharing and analysis organization (ISAO) to provide a forum for states to share information regarding cybersecurity threats, best practices, and remediation strategies.The bill would modify the use of the Technology Improvement and Modernization Fund. It is assumed that any costs associated with the bill could be absorbed using existing resources.
The bill would amend Government Code Sec. 2054.068, requiring the Department of Information Resources (DIR) to rate the security maturity of state agencies. It would also authorize DIR to audit agencies with certain ratings and make recommendations for improvements.
The bill would modify the use of the Technology Improvement and Modernization Fund. It is assumed that any costs associated with the bill could be absorbed using existing resources.
It is assumed that any costs associated with the bill could be absorbed using existing resources.
Local Government Impact
The bill would require local government entities to report security incidents to DIR. Is is assumed that any costs associated with this reporting process could be absorbed using existing resources.
Source Agencies: b > td > 313 Department of Information Resources
313 Department of Information Resources
LBB Staff: b > td > JMc, SZ, LCO, CSmi, NV
JMc, SZ, LCO, CSmi, NV