Tex. Educ. Code Section 11.175
School Cybersecurity


(a)

In this section:

(1)

“Breach of system security” means an incident in which student information that is sensitive, protected, or confidential, as provided by state or federal law, is stolen or copied, transmitted, viewed, or used by a person unauthorized to engage in that action.

(2)

“Cyber attack” means an attempt to damage, disrupt, or gain unauthorized access to a computer, computer network, or computer system.

(3)

“Cybersecurity” means the measures taken to protect a computer, computer network, or computer system against unauthorized use or access.

(b)

Each school district shall adopt a cybersecurity policy to:

(1)

secure district cyberinfrastructure against cyber attacks and other cybersecurity incidents; and

(2)

determine cybersecurity risk and implement mitigation planning.

(c)

A school district’s cybersecurity policy may not conflict with the information security standards for institutions of higher education adopted by the Department of Information Resources under Chapters 2054 (Information Resources) and 2059 (Texas Computer Network Security System), Government Code.

(d)

The superintendent of each school district shall designate a cybersecurity coordinator to serve as a liaison between the district and the agency in cybersecurity matters.

(e)

A school district or open-enrollment charter school shall report to the agency or, if applicable, the entity that administers the system established under Subsection (g) any cyber attack or other cybersecurity incident against the school district’s or open-enrollment charter school’s cyberinfrastructure that constitutes a breach of system security as soon as practicable after the discovery of the attack or incident.

(f)

The district’s cybersecurity coordinator shall provide notice to a parent of or person standing in parental relation to a student enrolled in the district of an attack or incident for which a report is required under Subsection (e) involving the student’s information.

(g)

The agency, in coordination with the Department of Information Resources, shall establish and maintain a system to coordinate the anonymous sharing of information concerning cyber attacks or other cybersecurity incidents between participating schools and the state. The system must:

(1)

include each report made under Subsection (e);

(2)

provide for reports made under Subsection (e) to be shared between participating schools in as close to real time as possible; and

(3)

preserve a reporting school’s anonymity by preventing the disclosure through the system of the name of the school at which an attack or incident occurred.

(h)

In establishing the system under Subsection (g), the agency may contract with a qualified third party to administer the system.

(h-1)

Notwithstanding Section 2054.5191 (Cybersecurity Training Required: Certain Employees and Officials), Government Code, only the district’s cybersecurity coordinator is required to complete the cybersecurity training under that section on an annual basis. Any other school district employee required to complete the cybersecurity training shall complete the training as determined by the district, in consultation with the district’s cybersecurity coordinator.

(i)

The commissioner shall adopt rules as necessary to implement this section.
Added by Acts 2019, 86th Leg., R.S., Ch. 605 (S.B. 820), Sec. 1, eff. September 1, 2019.
Amended by:
Acts 2021, 87th Leg., R.S., Ch. 618 (S.B. 1696), Sec. 1, eff. September 1, 2021.
Acts 2021, 87th Leg., R.S., Ch. 618 (S.B. 1696), Sec. 2, eff. September 1, 2021.
Acts 2021, 87th Leg., R.S., Ch. 1045 (S.B. 1267), Sec. 2, eff. June 18, 2021.
Acts 2023, 88th Leg., R.S., Ch. 768 (H.B. 4595), Sec. 24.001(9), eff. September 1, 2023.

Source: Section 11.175 — School Cybersecurity, https://statutes.­capitol.­texas.­gov/Docs/ED/htm/ED.­11.­htm#11.­175 (accessed Mar. 23, 2024).

11.001
Accreditation
11.002
Responsibility of School Districts for Public Education
11.003
Administrative Efficiency
11.011
Organization
11.051
Governance of Independent School District
11.052
Single-member Trustee Districts
11.053
Option to Continue in Office Following Adoption of Single-member Plan or Redistricting
11.054
Electing Trustees by Cumulative Voting
11.055
Application to Get on Ballot
11.056
Write-in Voting
11.057
Determination of Results
11.058
Election by Position
11.059
Terms
11.060
Vacancies
11.061
Qualification and Organization of Trustees
11.062
Election of Officers in Certain School Districts
11.063
Eligibility for Employment
11.064
Filing of Financial Statement by Trustee
11.065
Applicability to Certain Districts
11.066
Eligibility for Service by Trustee Convicted of Certain Offenses
11.151
In General
11.152
Taxes
11.153
Sale of Minerals
11.154
Sale of Property Other than Minerals
11.155
Eminent Domain
11.156
Donations to the Public Schools
11.157
Contracts for Educational Services
11.158
Authority to Charge Fees
11.159
Member Training and Orientation
11.160
Change of School District Name
11.161
Frivolous Suit
11.162
School Uniforms
11.164
Restricting Written Information
11.165
Access to School Campuses
11.166
Operation on Campus of Institution of Higher Education
11.167
Operation Outside District Boundaries
11.168
Use of District Resources Prohibited for Certain Purposes
11.169
Electioneering Prohibited
11.170
Internal Auditor
11.171
School District Grievance Policy
11.174
Contract Regarding Operation of District Campus
11.175
School Cybersecurity
11.178
Prohibition Against Use of School District Resources for Hotel
11.179
Sale of Alcoholic Beverages in Certain Leased District Facilities
11.182
Board Improvement and Evaluation Tool
11.184
Efficiency Audit
11.185
Early Childhood Literacy and Mathematics Proficiency Plans
11.186
College, Career, and Military Readiness Plans
11.201
Superintendents
11.202
Principals
11.251
Planning and Decision-making Process
11.252
District-level Planning and Decision-making
11.253
Campus Planning and Site-based Decision-making
11.254
State Responsibilities for the Planning and Decision-making Process
11.255
Dropout Prevention Review
11.301
Application of Former Law
11.302
Public Information
11.303
Municipal School Districts
11.304
Write-in Voting: Common School District Board Election
11.351
Authority to Establish Special-purpose School District
11.352
Governance of Special-purpose District
11.353
Admission and Attendance
11.354
Abolition of Special-purpose District
11.355
Annexation of Additional Territory by Certain Special-purpose Districts
11.356
Support of Students Enrolled in Special-purpose School Districts
11.0511
Student Trustee for Certain Districts
11.0581
Joint Elections Required
11.0621
Meetings
11.1511
Specific Powers and Duties of Board
11.1512
Collaboration Between Board and Superintendent
11.1513
Employment Policy
11.1514
Social Security Numbers
11.1515
Oversight of Academic Achievement
11.1516
District Data on Academic Achievement
11.1518
Trustee Information Posted on Website
11.1541
Donation of Surplus Property
11.1542
Open-enrollment Charter School Offer for District Facility
11.1543
Charter School Payment for Facilities Use or for Services

Accessed:
Mar. 23, 2024

§ 11.175’s source at texas​.gov