Section 411.084 - Use of Criminal History Record Information(a) Criminal history record information obtained from the department under this subchapter, including any identification information that could reveal the identity of a person about whom criminal history record information is requested and information that directly or indirectly indicates or implies involvement of a person in the criminal justice system:(1) is for the exclusive use of the authorized recipient of the information; and(2) may be disclosed or used by the recipient only if, and only to the extent that, disclosure or use is authorized or directed by:(C) a rule adopted under a statute; or(D) an order of a court of competent jurisdiction.(a-1) The term "criminal history record" information under Subsection (a) does not refer to any specific document produced to comply with this subchapter but to the information contained, wholly or partly, in a document's original form or any subsequent form or use.(b) Notwithstanding Subsection (a) or any other provision in this subchapter relating to the release or disclosure of such information, criminal history record information obtained from the Federal Bureau of Investigation may be released or disclosed only to a governmental entity or as authorized by federal law and regulations, federal executive orders, and federal policy. (c) An agency or individual may not confirm the existence or nonexistence of criminal history record information to any person that is not eligible to receive the information.(d) Notwithstanding any other provision of this subchapter, a private entity that purchases information from the department is not required to provide proof of cyber-threat insurance coverage or post a performance bond if that entity: (1) provides proof of an audit by a certified public accountant certifying that the requestor has implemented internal controls and security protocols that are consistent with the National Institute of Standards and Technology standards for cybersecurity and approved by the Department of Information Resources or an IT cybersecurity professional certified by the National Institute of Standards and Technology or a similar organization; (2) provides proof of Payment Card Industry Data Security Standard (PCI DSS) certification or certification by a similar organization recognized by the Department of Information Resources; or (3) provides proof of compliance with voluntary compliance standards for cybersecurity developed by a national organization of certified public accountants for the management of customer data, including SOC 1, SOC 2, or SOC. Tex. Gov't. Code § 411.084
Amended by Acts 2023, Texas Acts of the 88th Leg.- Regular Session, ch. 871,Sec. 12, eff. 6/13/2023.Amended By Acts 2009, 81st Leg., R.S., Ch. 1146, Sec. 9A.01, eff. 9/1/2009.Amended By Acts 2009, 81st Leg., R.S., Ch. 1146, Sec. 10.03, eff. 6/19/2009.Amended by Acts 2003, 78th Leg., ch. 296, Sec. 1, eff. 9/1/2003.Added by Acts 1993, 73rd Leg., ch. 790, Sec. 35, eff. 9/1/1993.