85th Legislative Session

The 85th regular Texas legislative session begins next week (January 10th.) For those outside of The Great State of Texas the Texas legislature meets for 140 days every 2 years. In those few days things move pretty quickly; a budget must be drafted and passed, any new bills must be submitted, reviewed and adopted, state agencies face scrutiny. All-in-all it can be a whirlwind.

In the interim between sessions, legislative committees will dive deep into issues, researching topics and delivering reports to the Speaker of the House and Lt. Governor (who oversees the Senate).

So what is in store for information security or cybersecurity in the 85th?  If the interim tells us anything it is that “cyber” is on the mind of many in both houses.  Over the interim there were six House committees charged with identifying and making recommendations regarding cybersecurity policies.

  • House Committee on Business & Industry
  • House Committee on County Affairs
  • House Committee on Government Transparency & Operation
  • House Committee on House Administration
  • House Committee on Investments & Financial Services
  • House Committee on Urban Affairs

Several of these committees had hearings on the issue, at which I either testified or was used as a resource.

On the Senate side only the Business and Commerce committee was explicitly charged with reviewing cybersecurity.  The Inter-Governmental Relations committee had a charge regarding disaster preparedness planning and coordination, which has technology implications.

So, that is a long way of saying that there seems to be a concern with protection of information assets within the state.  There are already a handful of bills submitted, with more expected in the coming weeks.  The Texas Legislature Online site provides the capability to search for bills, but that can be a monotonous process to do each day.  One the Texas Legislation page, I’m tracking bills that are related to information security, cybersecurity, and privacy.

I also wrote a really bad script to search the TLO website for keywords.  It works, but it is U, L, G, Y, Ugly.  Feel free to grab it off github.  I’ll try to make it more pretty as the session goes.



Information security and Privacy Bill Tracker


Updated February 24, 2017 (changes in red)

There are a number of bills in front of the 85th session of the Texas legislature.  I’ve cherry picked several that are directly related to “computer security” or Privacy.  For the complete list click here.

House Bills

Bill Author Caption Stage Notes
HB8 Capriglione Relating to cybersecurity for state agency information resources. Filed A significant bill affecting multiple agencies. Requires all security incidents to be report to the Department of Information Resources (DIR) within 48 hours of detection. Also includes a provision for the Sunset Commission to include cybersecurity in their review of state agencies. Additionally directs DIR to conduct exercises and to address duplication of efforts within state agencies. Well worth reading the full bill.
HB9 Capriglione Relating to cybercrime ; creating criminal offenses. Filed Amends the Penal Code to include criminal offenses for malware and ransomware, among other cybercrimes.
HB138 Krause Relating to the creation of the Fiscal Risk Management Commission. Referred to Appropriations Sec. 2117.004(a)(2)(D)(i) adds study of “cyberterrorism” on the state to the Fiscal Risk Management Commission.
HB305 Minjarez Relating to student harassment, bullying, and cyberbullying. Referred to Public Education companion to SB180 (Identical)
HB306 Minjarez Relating to student harassment, bullying, cyberbullying, injury to or death of a minor; creating a criminal offense. Referred to Public Education companion to SB179 (Identical)
HB334 Collier Relating to the consideration by employers of the consumer credit reports or other credit information of employees and applicants for employment; providing civil and administrative penalties. Referred to Business & Industry  Amends the Labor Code Ch. 52 to limit the ability of an employer to request or adversely use an employees credit report as a condition of employment.  Creates a Civil penalty.
HB407 Tinderholt Relating to protection of the electric power transmission and distribution system. Referred to State Affairs  While this looks like it would be a companion to SB83(85R)-Hall, it is a distinct bill aimed at amending the Utility Code §39.151 to create design standards for electric power transmission.
HB542 Metcalf Relating to the drug screening and testing of certain persons seeking benefits under the medical assistance program. Referred to Human Services  Amends the Human Resources Code §32.024 to mandate drug screening for adults seeking medical assistance benefits.
HB703 Wu Relating to the availability of personal information of a child protective services caseworker or investigator. Referred to Human Services  Amends the Government Code §552 (public information) to except child protective services personal contact information.
HB787 Parker Relating to the security of the electric grid. Referred to State Affairs  Another bill aimed at electric grid security.  Amends Utilities Code to have an independent organization (created under Utilities §39.151) to collect information on grid security.
HB788 Parker Relating to enhancing the security of the electric grid; making an appropriation. Referred to Appropriations
HB792 Capriglione Relating to the exception from disclosure under the public information law for information related to competition or bidding. Filed  Companion to SB407 (Identical)
HB1278 Dutton Relating to availability of Previous personal information of certain current and former prosecutors. Referred to Government Transparency & Operations Excepts the personal information of district attorneys, criminal district attorneys and municipal attorneys from public disclosure.
HB1452 Blanco Relating to a study regarding cyber attacks on election infrastructure. Introduced Directs the Secretary of State to study of the election infrastructures vulnerability to cyber attacks and to provide recommendations to protect the infrastructure.
HB1605 Blanco Relating to the powers and duties of the Department of Information Resources regarding cybersecurity.
Introduced A substantial change to the DIR cybersecurity duties including reports on ways to improve cybersecurity, evaluation of cybersecurity insurance, and the possibility of creating an emergency fund for responding to cybersecurity events.
HB1898 Uresti, Tomas Relating to a study on state agency digital data storage and records management practices and associated state costs.
Introduced Requires the Department of Information Resources (DIR) and the Texas State Library and Archives Commission to conduct a study on the use of digital data storage and its associated costs. Additionally requires (in the report) whether agencies are complying with data classification policies.
HB2087 VanDeaver Relating to restricting the use of covered information, including student personally identifiable information, by an operator of a website, online service, online application, or mobile application for a school purpose.
Introduced An interesting bill targeted at restricting the use of student’s profiles gathered by online services. As many of these services are nationwide, it would be interesting to see this bill in action
HB2222 Hunter Relating to the confidentiality of home address information of certain victims of family violence, sexual assault or abuse, stalking, or trafficking of persons.
Introduced Adds victims of sexual abuse or human trafficking to Chapter 56 of the cod of criminal procedure which currently includes family violence, sexual assault, or stalking.
HB2333 Elkins Relating to a breach of system security of a business that exposes consumer credit card or debit card information; providing a civil penalty.
Filed Adds credit and debit card information to existing definition of breach in Business & Commerce Code sec 521. Also creates a fund for compensating victims of a breach. Also sets a civil penalty of $50 per record for each card breached, if the business fails to secure their systems.

Senate Bills

Bill Author Caption Stage Notes
SB42 Zaffirni Relating to the security of courts and judges in the state. Referred to State Affairs; Co-author authorized Excepts disclosure of personal information of judges and their spouses from disclosure.

Companion to HB1487 (Identical)

SB56 Zaffirni Relating to the acknowledgment by management of risks identified in state agency information security plans. Referred to Business & Commerce Bill refilled from 84th Legislature

Companion to HB1048 (Identical)
Companion to HB1604 (Similar)

SB83 Hall Relating to protection of energy critical infrastructure from electromagnetic, geomagnetic, terrorist, and cyber-attack threats. Referred to Business & Commerce  A significant amendment to Government Code Ch. 418(I) focused on threats to the power grid from EMP.  Creates an electromagnetic threat preparedness task force.
SB179 Menéndez Relating to student harassment, bullying, cyberbullying, injury to or death of a minor; creating a criminal offense. Referred to State Affairs companion to HB306
SB180 Menéndez Relating to student harassment, bullying, and cyberbullying. Referred to Education companion to HB305
SB456 Taylor, Van Relating to the right of members of the legislature, the lieutenant governor, committees of the legislature, and legislative agencies to access certain governmental information for legislative purposes; creating a criminal offense. Referred to Business & Commerce One of the more interesting confidentiality bills so far this session.  Allows for members of the Legislature to request “governmental information” maintained by or for a governmental body, including confidential information.  Some protections are available, but the timelines for response are relatively short.
SB532 Nelson Relating to reports on and purchase of information technology by state agencies. Scheduled for public hearing One to keep an eye on. The bill directs agencies to provide information to the Department of Information Resources about their security programs and risks. DIR must provide a public analysis of the risks and plans.  Also has some language about cloud computing and state agencies.

Companion to HB1467 (Similar)

SB564 Campbell Relating to the applicability of open meetings requirements to certain meetings of a governing body relating to information technology security practices. Referred to Business & Commerce Expands (currently only applies to the Department of Information Resources) an exception to open meetings requirements to allow for closed meetings of governmental bodies to discuss security assessments, network security information, or other security issues.
SB659 Campbell Relating to the availability of personal information of a statewide elected official or member of the legislature. Referred to Business & Commerce Excepts the personal contact information of state officers elected statewide or a member of the legislature from disclosure under the PIA.
SB705 Birdwell Relating to an exception from disclosure under the public information law for certain personal information of an applicant for an appointment by the governor. Referred to Nominations Excepts the personal contact information of persons applying for appointment by the governor or the senate from public disclosure under the PIA.
SB1020 Taylor Relating to cybercrime ; creating criminal offenses. Filed Companion to HB9 (Capriglione)

A couple people have asked about certain legislation in Texas related to privacy in restrooms or immigration. I will not address those topics here, as this tracker is related to information security and data privacy.