88R4050 LRM-F     By: Capriglione H.B. No. 984       A BILL TO BE ENTITLED   AN ACT   relating to the employment of a chief privacy officer in the   Department of Information Resources.          BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:          SECTION 1.  Subchapter B, Chapter 2054, Government Code, is   amended by adding Section 2054.0287 to read as follows:          Sec. 2054.0287.  CHIEF PRIVACY OFFICER. (a) The executive   director shall employ a chief privacy officer to provide assistance   to state agencies on legal and policy matters involving data   privacy.  The chief privacy officer shall:                (1)  conduct a biennial privacy review that compiles   information about the data privacy practices of state agencies,   including, for each agency, information about:                      (A)  the specific privacy policies implemented;                      (B)  the type of data collected;                      (C)  how the data collected by the agency is   obtained, shared, secured, stored, and discarded;                      (D)  the persons with whom the agency shares the   data; and                      (E)  how the agency deidentifies or anonymizes the   data;                (2)  develop and implement best practices among state   agencies to ensure compliance with privacy laws;                (3)  provide state agencies and their employees with   guidance related to best practices on data privacy; and                (4)  coordinate data protection in cooperation with the   chief information officer and the chief data officer described by   Sections 2054.0285 and 2054.0286, respectively.          (b)  Each state agency shall cooperate with the chief privacy   officer in fulfilling the requirements of this section.          (c)  The chief privacy officer may assist local governments   and the public with data privacy and protection concerns by:                (1)  developing and promoting the dissemination of best   practices for the collection and storage of personally identifiable   information, including establishing and conducting training   programs for local governments; and                (2)  educating consumers about the use of personally   identifiable information on mobile and digital networks and   measures that can help protect the user's data.          SECTION 2.  As soon as practicable after the effective date   of this Act, the executive director of the Department of   Information Resources shall employ a chief privacy officer as   required by Section 2054.0287, Government Code, as added by this   Act.          SECTION 3.  This Act takes effect September 1, 2023.