(a) Each state agency shall develop a data use agreement for use by the agency that meets the particular needs of the agency and is consistent with rules adopted by the department that relate to information security standards for state agencies.
(b) A state agency shall update the data use agreement at least biennially, but may update the agreement at any time as necessary to accommodate best practices in data management.

Ask a legal question, get an answer ASAP!
Click here to chat with a lawyer about your rights.


(c) A state agency shall distribute the data use agreement developed under this section, and each update to that agreement, to employees of the agency who handle sensitive information, including financial, medical, personnel, or student data. The employee shall sign the data use agreement distributed and each update to the agreement.
(d) To the extent possible, a state agency shall provide employees described by Subsection (c) with cybersecurity awareness training to coincide with the distribution of:
(1) the data use agreement required under this section; and
(2) each biennial update to that agreement.