77(R) HB 249 Enrolled version

HBA-SEP H.B. 249 77(R)BILL ANALYSIS


Office of House Bill AnalysisH.B. 249
By: Pitts
State Affairs
7/9/2001
Enrolled



BACKGROUND AND PURPOSE 

Prior to the 77th Legislature, the findings of a computer system
vulnerability report conducted on or by a state agency may have been
required to be made accessible to the public, a practice that could have
compromised the safety of the state agency's electronically stored
sensitive and confidential information. House Bill 249 provides that a
vulnerability report is not subject to disclosure and requires a state
agency, whose manager has prepared a vulnerability report, to prepare a
summary of the report that excludes information that might compromise
security to be made available to the public on request.  

RULEMAKING AUTHORITY

It is the opinion of the Office of House Bill Analysis that this bill does
not expressly delegate any additional rulemaking authority to a state
officer, department, agency, or institution. 

ANALYSIS

House Bill 249 amends the Government Code to authorize the information
resources manager (manager) of a state agency to prepare a report assessing
the extent to which a computer, a computer program, a computer network, a
computer system, computer software, or data processing (computer
technology) of the agency or agency's contractor is vulnerable to
unauthorized access or harm, including the extent to which the
electronically stored information is vulnerable to alteration, damage, or
erasure.  A vulnerability report or information gathered in preparation of
a vulnerability report is confidential and is not subject to disclosure
except on request from the Department of Information Resources, the state
auditor, or any other information technology security oversight group
specifically authorized by the legislature to receive the report.  The bill
requires a state agency whose manager has prepared a vulnerability report
to prepare a summary of the report that does not contain information that
might compromise the security of the state agency's or agency contractor's
computer technology, or electronically stored information.  The summary is
required to be made available to the public on request.  

EFFECTIVE DATE

June 14, 2001.