Sec. 2054.516. DATA SECURITY PLAN FOR ONLINE AND MOBILE APPLICATIONS. (a) Each state agency implementing an Internet website or mobile application that processes any sensitive personal or personally identifiable information or confidential information must:
(1) submit a biennial data security plan to the department not later than June 1 of each even-numbered year to establish planned beta testing for the website or application; and
(2) subject the website or application to a vulnerability and penetration test and address any vulnerability identified in the test.
(b) The department shall review each data security plan submitted under Subsection (a) and make any recommendations for changes to the plan to the state agency as soon as practicable after the department reviews the plan.
Added by Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 11, eff. September 1, 2017.
Added by Acts 2017, 85th Leg., R.S., Ch. 955 (S.B. 1910), Sec. 5, eff. September 1, 2017.
Reenacted and amended by Acts 2019, 86th Leg., R.S., Ch. 467 (H.B. 4170), Sec. 8.016, eff. September 1, 2019.
Reenacted and amended by Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 16, eff. September 1, 2019.
Amended by:
Acts 2021, 87th Leg., R.S., Ch. 856 (S.B. 800), Sec. 11, eff. September 1, 2021.