Sec. 2054.516. DATA SECURITY PLAN FOR ONLINE AND MOBILE APPLICATIONS. (a) Each state agency implementing an Internet website or mobile application that processes any sensitive personal or personally identifiable information or confidential information must:
(1) submit a biennial data security plan to the department not later than June 1 of each even-numbered year to establish planned beta testing for the website or application; and
(2) subject the website or application to a vulnerability and penetration test and address any vulnerability identified in the test.
(b) The department shall review each data security plan submitted under Subsection (a) and make any recommendations for changes to the plan to the state agency as soon as practicable after the department reviews the plan.
Added by Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 11, eff. September 1, 2017.
Added by Acts 2017, 85th Leg., R.S., Ch. 955 (S.B. 1910), Sec. 5, eff. September 1, 2017.
Reenacted and amended by Acts 2019, 86th Leg., R.S., Ch. 467 (H.B. 4170), Sec. 8.016, eff. September 1, 2019.
Reenacted and amended by Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 16, eff. September 1, 2019.
Amended by:
Acts 2021, 87th Leg., R.S., Ch. 856 (S.B. 800), Sec. 11, eff. September 1, 2021.
Structure Texas Statutes
Subtitle B - Information and Planning
Chapter 2054 - Information Resources
Subchapter N. -1. Cybersecurity
Section 2054.511. Cybersecurity Coordinator
Section 2054.512. Cybersecurity Council
Section 2054.514. Recommendations
Section 2054.515. Agency Information Security Assessment and Report
Section 2054.516. Data Security Plan for Online and Mobile Applications
Section 2054.518. Cybersecurity Risks and Incidents
Section 2054.5181. Cyberstar Program; Certificate of Approval
Section 2054.519. State Certified Cybersecurity Training Programs
Section 2054.5191. Cybersecurity Training Required: Certain Employees and Officials
Section 2054.5192. Cybersecurity Training Required: Certain State Contractors