Texas Statewide Data Exchange Compact
The Texas Statewide Data Exchange Compact (TSDEC) is a uniform data sharing and data security agreement for participating Texas state agencies to facilitate an efficient and consistent method of compliance with state and federal laws regarding data sharing and data security including Texas Administrative Code, Title 1, Part 10, Chapter 202 (TAC 202) adopted by the Texas Department of Information Resources.
The purpose of the TSDEC is to provide a uniform mechanism for communicating and safeguarding requirements for the protection of sensitive personal information maintained, stored, used, disclosed, and shared among other Texas state agencies. The goal is to ensure that sensitive personal information receives the same data security and protections consistent with Texas State standards and regulations set forth by the Texas Legislature and promulgated through the Texas Department of Information.
Resources under TAC 202, through an efficient and uniform data exchange methodology where feasible.
The TSDEC is established under TAC 202.
Creation of the TSDEC
House Bill 1912 (84(R)) mandated the creation of the Statewide Data Coordinator, who initiated the Statewide Data Program, which aims to enable a data sharing culture throughout all levels of Texas government and education, through sharing governance and security infrastructure.
Senate Bill 1844 (84(R)) established the Interagency Data Transparency Commission (IDTC) to review and study the data reporting practices of Texas state agencies. During the course of the IDTC's work, information was gathered through a survey of agency executive directors. The results and analysis of the survey provided valuable insights that led to recommendations to improve data sharing and other data related initiatives.
Recommendation 3.2.B of the Interagency Data Transparency Commission Report, issued September 1, 2016, includes the following:
3.2.B Establish a standard Memorandum of Understanding to improve the coordination of interagency data sharing. A standard Memorandum of Understanding (MOU) must be established and utilized when agencies are sharing data with each other for the first time.
In response to identified needs and recommendations by agencies' executive leadership around the state and gathered through the study, DIR, in coordination with the State Agency Coordinating Committee, developed the TSDEC for participating state agencies to improve the coordination of interagency data sharing.
The TSDEC Administrator is the Chief Data Officer of the State of Texas.
Texas Department of Information Resources
300 W 15th Street, Suite 1300 Austin, TX 78701
Laws Governing Information Protection
The laws governing the specific exchange of information will be stated within the TSDEC and the scope of information exchange among the agencies agreeing to the exchange.
Proposed Method of Addressing the Recommendation
The SACC Legal subcommittee proposed to establish a compact for Data Security Standards and common terms and conditions relating to data sharing for state agencies to follow. Benefits would include a one-time sign-on to the compact that would reduce time spent on negotiating standardized provisions with each transaction.
In response to these and other challenges, the SACC Legal subcommittee drafted the TSDEC, and beginning in 2017, the following agencies were among the first to sign as participating state agencies:
Department of Information Resources;
Department of Public Safety;
Texas Workforce Commission; and
Health and Human Services Commission.
These agencies recognized the benefits of the TSDEC in providing an orderly, efficient, and thorough mechanism for protecting data entrusted to state agencies.
Reasons for Exchanging State Agency Held Data
Data sharing among state agencies is for primarily one purpose - administration of laws, which includes:
Eligibility for services;
Fraud or other investigations; and
Audit, study, and evaluation.
What Participating in the TSDEC Means
Participating agencies sign the TSDEC to serve as the primary governance document under the Texas laws for the safeguarding of data shared among state agencies. The terms and conditions agreed to by the participating agencies represent the consistent safeguarding of exchanged data. The participating agencies may add specific statutory, regulatory, or other limitations applicable to the data in Attachment 1, Scope of Information Exchange. Use of the TSDEC is voluntary and subject to ensuring it is the right tool for the specific exchanges. It is designed to be a common ground from which agencies can start with the same baseline for compliance. It allows for resolving conflicting provisions in agency specific agreements where the differences in the agreements are not substantive and can cause unnecessary delays in achieving data exchange.
Safeguards Offered by the TSDEC
The TSDEC specifies that the receiving agency will establish, implement, and maintain administrative, physical, and technical safeguards to preserve and maintain the confidentiality, integrity, and availability of the confidential information disclosed to it by another state agency.
The TSDEC is designed to meet statutory safeguard requirements routinely applied to state agencies for data exchanges, including those required by TAC 202 and other state and federal data exchange laws.
Administering the TSDEC
DIR, through a committee of participating state agencies, will establish the template for the TSDEC, review it at least biennially to correspond with the Texas Legislature, and update the TSDEC through the State Agency Coordinating Committee as needed for changes in the evolving data security landscape. The TSDEC Administrator is designated to serve as the central contact for all updates.
How to Exchange Data Using the TSDEC
If a state agency to which a data exchange is made has signed the TSDEC, the participating agency may expedite the data exchange process by having the receiving agency also sign the TSDEC. Should any specific terms be needed relating to the exchange, those terms can be the focus of the discussion among the agencies and documented in Attachment 1, Scope of Information Exchange. If the TSDEC is appropriate for the data exchange, agencies can agree to use the TSDEC.
Changes in Circumstances
Participating state agencies may at any time determine that the use of the TSDEC is no longer appropriate for the specific data and are free to amend or terminate the TSDEC or pursue an alternate approach to protecting the data shared by the agencies.
|DIR-TSDEC-001||Department of Public Safety|
|DIR-TSDEC-002||Texas Workforce Commission|
|DIR-TSDEC-003||Department of Information Resources|
|DIR-TSDEC-004||Health and Human Services Commission|
|DIR-TSDEC-005||University of Texas System|
|DIR-TSDEC-006||Texas State Library & Archives Commission|
|DIR-TSDEC-007||Texas Department of Insurance|
|DIR-TSDEC-008||Teacher Retirement System of Texas|
|DIR-TSDEC-009||The University of Texas at Rio Grande Valley|
|DIR-TSDEC-010;||The University of Texas Health Science Center at Houston|
|DIR-TSDEC-011||The University of Texas at El Paso|
|DIR-TSDEC-012-TAMUSHSC||Texas A&M University Systems Health Science Center|
|DIR-TSDEC-013-DSHS||Texas Department of State Health Services|
|DIR-TSDEC-014-TAMU-RA||Texas A&M University Systems Research Administration|
|DIR-TSDEC-015-DFPS||Texas Department of Family and Protective Services|
|DIR-TSDEC-016-TTUHSC||Texas Tech University Health Sciences Center|
|DIR-TSDEC-017-SHSU||Sam Houston State University|
|DIR-TSDEC-018-TEA||Texas Education Agency|
|DIR-TSDEC-020-THSA||Texas Health Services Authority|