Tex.
Gov't Code Section 2054.603
Security Incident Notification by State Agency or Local Government
(a)
In this section:(1)
“Security incident” means:(A)
a breach or suspected breach of system security as defined by Section 521.053 (Notification Required Following Breach of Security of Computerized Data), Business & Commerce Code; and(B)
the introduction of ransomware, as defined by Section 33.023 (Electronic Data Tampering), Penal Code, into a computer, computer network, or computer system.(2)
“Sensitive personal information” has the meaning assigned by Section 521.002 (Definitions), Business & Commerce Code.(b)
A state agency or local government that owns, licenses, or maintains computerized data that includes sensitive personal information, confidential information, or information the disclosure of which is regulated by law shall, in the event of a security incident:(1)
comply with the notification requirements of Section 521.053 (Notification Required Following Breach of Security of Computerized Data), Business & Commerce Code, to the same extent as a person who conducts business in this state;(2)
not later than 48 hours after the discovery of the security incident, notify:(A)
the department, including the chief information security officer; or(B)
if the security incident involves election data, the secretary of state; and(3)
comply with all department rules relating to reporting security incidents as required by this section.(c)
Not later than the 10th business day after the date of the eradication, closure, and recovery from a security incident, a state agency or local government shall notify the department, including the chief information security officer, of the details of the security incident and include in the notification an analysis of the cause of the security incident.(d)
This section does not apply to a security incident that a local government is required to report to an independent organization certified by the Public Utility Commission of Texas under Section 39.151 (Essential Organizations), Utilities Code.
Source:
Section 2054.603 — Security Incident Notification by State Agency or Local Government, https://statutes.capitol.texas.gov/Docs/GV/htm/GV.2054.htm#2054.603
(accessed Jun. 5, 2024).