Bill Text: TX HB3289 | 2023-2024 | 88th Legislature | Comm Sub
Bill Title: Relating to prohibiting the use of certain social media applications and services on devices owned or leased by state agencies.
Spectrum: Partisan Bill (Republican 1-0)
Status: (Introduced - Dead) 2023-05-08 - Laid on the table subject to call [HB3289 Detail]
Download: Texas-2023-HB3289-Comm_Sub.html
| 88R24128 JCG-D | |||
| By: Anderson | H.B. No. 3289 | ||
| Substitute the following for H.B. No. 3289: | |||
| By: Smithee | C.S.H.B. No. 3289 | ||
|
|
||
|
|
||
| relating to prohibiting the use of certain social media | ||
| applications and services on devices owned or leased by state | ||
| agencies. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. Subtitle B, Title 6, Government Code, is amended | ||
| by adding Chapter 674 to read as follows: | ||
| CHAPTER 674. USE OF CERTAIN SOCIAL MEDIA APPLICATIONS AND SERVICES | ||
| ON STATE AGENCY DEVICES PROHIBITED | ||
| Sec. 674.001. DEFINITIONS. In this chapter: | ||
| (1) "Prohibited application" means: | ||
| (A) a social media application or service | ||
| included on the list published by the Department of Information | ||
| Resources under Section 674.005; or | ||
| (B) a social media application or service | ||
| specified by executive order of the governor under Section 674.004. | ||
| (2) "State agency" means: | ||
| (A) a department, commission, board, office, or | ||
| other agency that is in the executive or legislative branch of state | ||
| government and that was created by the constitution or a statute, | ||
| including an institution of higher education as defined by Section | ||
| 61.003, Education Code; or | ||
| (B) the supreme court, the court of criminal | ||
| appeals, a court of appeals, or the Texas Judicial Council or | ||
| another agency in the judicial branch of state government. | ||
| Sec. 674.002. PROHIBITION; MODEL POLICY. (a) Subject to | ||
| Section 674.003, a state agency shall adopt a policy prohibiting | ||
| the installation or use of a prohibited application on any device | ||
| owned or leased by the state agency and requiring the removal of | ||
| prohibited applications from those devices. | ||
| (b) The Department of Information Resources and the | ||
| Department of Public Safety shall jointly develop a model policy | ||
| for state agencies to use in developing the policy required by | ||
| Subsection (a). | ||
| Sec. 674.003. EXCEPTIONS; MITIGATING MEASURES. (a) A | ||
| policy adopted under Section 674.002 may include an exception | ||
| allowing the installation and use of a prohibited application to | ||
| the extent necessary: | ||
| (1) for providing law enforcement; | ||
| (2) for developing or implementing information | ||
| security measures; or | ||
| (3) to allow other legitimate governmental uses as | ||
| jointly determined by the Department of Information Resources and | ||
| the Department of Public Safety. | ||
| (b) A policy allowing the installation and use of a | ||
| prohibited application under Subsection (a) must require: | ||
| (1) the use of measures to mitigate risks to the | ||
| security of state agency information during the use of the | ||
| prohibited application; and | ||
| (2) the documentation of those measures. | ||
| (c) The administrative head of a state agency must approve | ||
| in writing the installation and use of a prohibited application | ||
| under an exception described by Subsection (a) by employees of the | ||
| state agency and report the approval to the Department of | ||
| Information Resources. | ||
| Sec. 674.004. APPLICATIONS IDENTIFIED BY GOVERNOR'S ORDER. | ||
| The governor by executive order may identify social media | ||
| applications or services that pose a threat to the security of the | ||
| state's sensitive information, critical infrastructure, or both. | ||
| Sec. 674.005. APPLICATION IDENTIFIED BY DEPARTMENT OF | ||
| INFORMATION RESOURCES AND DEPARTMENT OF PUBLIC SAFETY. (a) The | ||
| Department of Information Resources and the Department of Public | ||
| Safety, in consultation with the office of the governor, shall | ||
| jointly identify social media applications or services that pose a | ||
| threat to the security of the state's sensitive information, | ||
| critical infrastructure, or both. | ||
| (b) The Department of Information Resources shall publish | ||
| annually and maintain on the department's publicly accessible | ||
| Internet website a list of the prohibited applications identified | ||
| under Subsection (a). | ||
| SECTION 2. Not later than the 60th day after the date the | ||
| Department of Information Resources and the Department of Public | ||
| Safety make available the model policy required by Section | ||
| 674.002(b), Government Code, as added by this Act, each state | ||
| agency shall adopt the policy required by Section 674.002(a), | ||
| Government Code, as added by this Act. | ||
| SECTION 3. This Act takes effect immediately if it receives | ||
| a vote of two-thirds of all the members elected to each house, as | ||
| provided by Section 39, Article III, Texas Constitution. If this | ||
| Act does not receive the vote necessary for immediate effect, this | ||
| Act takes effect September 1, 2023. | ||
