KBS Reference Desk: Cybersecurity Training HB 3834

Q:       I noticed several provisions related to cybersecurity during the recent legislative session; is every district employee required to complete the referenced “cybersecurity training”? If not, how do we determine which employees must complete the training?

 

A:       No, not all employees must be trained. House Bill 3834 requires training only for employees who use a computer at least 25 percent of their day to complete required duties. 

House Bill 3834, effective June 14, 2019, was enacted to ensure that sensitive information maintained by the State and local governments remains protected from unauthorized users. The Bill requires that certain employees, as well as all of the State’s elected officials, annually complete a cybersecurity training program certified by the Texas Department of Information Resources (TDPI). The determining factor as to whether a particular employee is required to complete the cybersecurity training is the individual’s job duties.  Specifically, the Bill applies to employees “who use a computer to complete at least 25 percent of [their] required duties.” Gov’t. Code Sec. 2054.5191.  

HB 3834 also requires school district contractors and subcontractors to complete a certified cybersecurity training program if the contractor or subcontractor has access to a district computer system or database. The cybersecurity training program can be selected by the school district and must be completed by the contractor during the term of the given contract, including any renewal period (such as an automatic renewal). For contracts entered into or renewed after June 14, 2019, the required completion of a cybersecurity training program must be included in the terms of the contract. HB 3834 does not apply to contracts entered into or renewed before June 14, 2019. 

TDIR indicates it will release a list of certified training programs this October. Moreover, school districts that employ a dedicated information resource cybersecurity officer may offer the training internally so long as the program meets the statutory requirements. For specific questions pertaining to cybersecurity training, please contact your local school attorney.

Related Posts

Recent Articles

KBS Reference Desk: Temporary Suspension of TPIA due to Catastrophe
August 6, 2021
KBS Reference Desk: Standard for Reporting Child Abuse and Neglect
July 30, 2021
KBS Reference Desk: Bullying Policies and Reporting SB 2050
July 23, 2021
KBS Reference Desk: Homeschoolers and UIL
July 16, 2021
KBS Reference Desk: TOMA Suspension Extension
July 9, 2021
KBS Reference Desk: Revision to Resignation without Penalty Deadline
July 2, 2021
KBS Reference Desk: SB 179 School Counselors
June 25, 2021
KBS Reference Desk: 2021 TRS Surcharge SB 202
June 18, 2021
KBS Reference Desk: When do Virtual Board Meetings End
June 11, 2021
KBS Reference Desk: Buy American Program
June 4, 2021
KBS Reference Desk: Board Member with Substantial Interest Closed Meeting Attendance
May 28, 2021
KBS Reference Desk: Administrator Reassignments – Same Professional Capacity
May 21, 2021
KBS Reference Desk: Vaccine Complications and FFCRA
May 14, 2021
KBS Reference Desk: Importance of Contract Legal Review
May 7, 2021
KBS Reference Desk: Negotiating Resignations
April 30, 2021
KBS Reference Desk: Authority to Create New Position
April 23, 2021
KBS Reference Desk: Vaccine Incentive Programs for Employees
April 16, 2021
KBS Reference Desk: Felony Conviction and School Board Candidates
April 9, 2021
KBS Reference Desk: T-TESS Rubric Virtual
April 2, 2021
KBS Reference Desk: COVID-19 Vaccination Status Questions and EEO Laws
March 26, 2021
KBS Reference Desk: Certification Addendum
March 19, 2021
KBS Reference Desk: Lifting of Mask Mandate and Implications for UIL Activities
March 12, 2021
KBS Reference Desk: Identification of TPIA Requestor
March 5, 2021
KBS Reference Desk: Pay During Closure
February 26, 2021
KBS Reference Desk: Vaccines and Quarantine
February 19, 2021