77(R) HB 249 Introduced version

HBA-SEP H.B. 249 77(R)    BILL ANALYSIS


Office of House Bill AnalysisH.B. 249
By: Pitts
State Affairs
2/27/2001
Introduced



BACKGROUND AND PURPOSE 

Under current law, the findings of a computer system vulnerability report
conducted on or by a state agency may be  required to be made accessible to
the public, a practice that could compromise the safety of the state
agency's electronically stored sensitive and confidential information.
House Bill 249 provides that a vulnerability report is not subject to
disclosure and requires a state agency, whose manager has prepared a
vulnerability report, to prepare a summary of the report that excludes
information that might compromise security to be made available to the
public on request.  

RULEMAKING AUTHORITY

It is the opinion of the Office of House Bill Analysis that this bill does
not expressly delegate any additional rulemaking authority to a state
officer, department, agency, or institution. 

ANALYSIS

House Bill 249 amends the Government Code to authorize the information
resources manager (manager) of a state agency to prepare a report assessing
the extent to which a computer, a computer program, a computer network, a
computer system, computer software, or data processing (computer
technology) of the agency or agency's contractor is vulnerable to
unauthorized access or harm, including the extent to which the
electronically stored information is vulnerable to alteration, damage, or
erasure.  A vulnerability report or information gathered in preparation of
a vulnerability report is confidential and is not subject to disclosure
except on request from the Department of Information Resources or any other
information technology security oversight group specifically authorized by
the legislature to receive the report.  The bill requires a state agency
whose manager has prepared a vulnerability report to prepare a summary of
the report that does not contain information that might compromise the
security of the state agency's or agency contractor's computer technology,
or electronically stored information.  The summary is required to be made
available to the public on request.  

EFFECTIVE DATE
On passage, or if the Act does not receive the necessary vote, the Act
takes effect September 1, 2001.