ELECTION CODE


TITLE 16. MISCELLANEOUS PROVISIONS


CHAPTER 279. CYBERSECURITY OF ELECTION SYSTEMS


Sec. 279.001. DEFINITIONS. In this chapter:

(1) "County election officer" means an individual employed by a county as an elections administrator, voter registrar, county clerk, or other officer with responsibilities relating to the administration of elections.

(2) "Election data" means information that is created or managed in the operation of an election system.

(3) "Election system" means a voting system and the technology used to support the conduct of an election, including the election data processed or produced in the course of conducting an election, such as voter registration information, ballot information, collected and tabulated votes, election management processes and procedures, and other election-related documents and election data.

Added by Acts 2019, 86th Leg., R.S., Ch. 1069 (H.B. 1421), Sec. 1, eff. September 1, 2019.

Sec. 279.002. ELECTION CYBERSECURITY: SECRETARY OF STATE. (a) The secretary of state shall adopt rules defining classes of protected election data and establishing best practices for identifying and reducing risk to the electronic use, storage, and transmission of election data and the security of election systems.

(b) The secretary of state shall offer training on best practices:

(1) on an annual basis, to all appropriate personnel in the secretary of state's office; and

(2) on request, to county election officers in this state.

(c) If the secretary of state becomes aware of a breach of cybersecurity that impacts election data, the secretary shall immediately notify the members of the standing committees of each house of the legislature with jurisdiction over elections.

Added by Acts 2019, 86th Leg., R.S., Ch. 1069 (H.B. 1421), Sec. 1, eff. September 1, 2019.

Sec. 279.003. ELECTION CYBERSECURITY: COUNTY ELECTION OFFICERS. (a) A county election officer shall annually request training on cybersecurity from the secretary of state. The secretary of state shall pay the costs associated with the training with available state funds.

(b) A county election officer shall request an assessment of the cybersecurity of the county's election system from a provider of cybersecurity assessments if the secretary of state recommends an assessment and the necessary funds are available.

(c) If a county election officer becomes aware of a breach of cybersecurity that impacts election data, the officer shall immediately notify the secretary of state.

(d) To the extent that state funds are available for the purpose, a county election officer shall implement cybersecurity measures to ensure that all devices with access to election data comply to the highest extent possible with rules adopted by the secretary of state under Section 279.002.

Added by Acts 2019, 86th Leg., R.S., Ch. 1069 (H.B. 1421), Sec. 1, eff. September 1, 2019.