By: Paxton S.B. No. 1696     A BILL TO BE ENTITLED   AN ACT   relating to establishing a system for the sharing of information   regarding cyber attacks or other cybersecurity incidents occurring   in schools in this state.          BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:          SECTION 1.  The heading to Section 11.175, Education Code,   is amended to read as follows:          Sec. 11.175.  SCHOOL DISTRICT AND OPEN-ENROLLMENT CHARTER   SCHOOL CYBERSECURITY.          SECTION 2.  Section 11.175, Education Code, is amended by   amending Subsections (b), (c), (d), and (e) and adding Subsections   (g), (h), and (i) to read as follows:          (b)  Each school district and open-enrollment charter school   shall adopt a cybersecurity policy to:                (1)  secure district cyberinfrastructure against cyber   attacks and other cybersecurity incidents; and                (2)  determine cybersecurity risk and implement   mitigation planning.          (c)  A school district's or open-enrollment charter school's   cybersecurity policy may not conflict with the information security   standards for institutions of higher education adopted by the   Department of Information Resources under Chapters 2054 and 2059,   Government Code.          (d)  The superintendent of each school district and   open-enrollment charter school shall designate a cybersecurity   coordinator to serve as a liaison between the district or school and   the agency in cybersecurity matters.          (e)  A [The district's] cybersecurity coordinator designated   under Subsection (d) shall report to the agency or, if applicable,   the entity that administers the system established under Subsection   (g) any cyber attack or other cybersecurity incident against the   school district's or open-enrollment charter school's [district]   cyberinfrastructure that constitutes a breach of system security as   soon as practicable after the discovery of the attack or incident.          (g)  The agency, in coordination with the Department of   Information Resources, shall establish and maintain a system to   coordinate the anonymous sharing of information concerning cyber   attacks or other cybersecurity incidents between participating   public and private schools and the state.  The system must:                (1)  include each report made under Subsection (e);                (2)  provide for reports made under Subsection (e) to   be shared between participating schools in as close to real time as   possible; and                (3)  preserve a reporting school's anonymity by   preventing the disclosure through the system of the name of the   school at which an attack or incident occurred.          (h)  In establishing the system under Subsection (g), the   agency may:                (1)  contract with a qualified third party to   administer the system; and                (2)  allow open-enrollment charter schools and private   schools in this state to report and receive information through the   system.          (i)  The commissioner shall adopt rules as necessary to   implement this section.          SECTION 3.  This Act takes effect September 1, 2021.