The Texas State Legislature closed their special session earlier this month and with it came a new piece of legislation on cybersecurity. These new cybersecurity regulations for Texas go into effect September 1, 2017.
►House Bill 8 sets new standards for training, cyber reporting and protection among state agencies:
- Calls for the long overdue creation of Texas House and Senate select committees on cybersecurity;
- Requires a security assessment of Texas systems, training on how to respond to threats, a review of state digital data storage, and a state incident response plan that can be used in the event of a cyberattack; and
- Creates a public-private cyber information sharing task force to be staffed with both government officials and private sector professionals.
►House Bill 9 criminalizes the intentional, indirect compromise of a network and computer without the consent of the owner.
- Current Texas law oddly addresses only direct access. House Bill 9 extends prosecutorial authorities to cover the use of malware and ransomware against parties not physically present at the computer.
Impact on Data Breach Notification Law
►Good News: This change only affects state agencies and election data.
►Previously: State agencies only had to comply with the notification requirements imposed on private companies under the Texas Business & Commerce Code. This new legislation creates heightened standards for state agencies and complicates breach notification law:
- High Reporting Standards for State Agencies. State agencies are now required to notify the following within 48 hours of the discovery of a breach: (1) the Texas Department of Information Resources, including the chief information security officer; (2) the state cybersecurity coordinator; and (3) if the breach involves election data, the secretary of state.
- Widens the scope of the notification requirements. Where the original statute says “in the event of a breach of system security”, the new House Bill expands the scope by also including “in the event of a breach or suspected breach of system security or an unauthorized exposure of that information.”
Legal statutes are evolving to both keep up with the private sector threats and defend state agencies against the inevitable threats that come with the age of technology.

