1. Governing Regulations
This procedure is governed by Governor Abbott’s directive on prohibited technologies issued December 7, 2022.
2. Definitions
2.1 See Administrative Procedure 50.01, Section 2 for definitions of critical terms
2.2 See Administrative Procedure 50.01, Section 3 for definitions of data classifications.
2.3 See Administrative Procedure 50.01, Section 4 for definitions of data availability.
2.4 Sensitive Location: Any location, physical or logical, that is used to discuss Confidential or Internal Use information of a sensitive nature that must be protected from unauthorized disclosure or public release.
3. Identification of Sensitive Locations
3.1 The agency must identify, catalog, and label locations designated as “sensitive locations” where sensitive information may be discussed. The Information Resources (IR) Department Head is responsible for maintaining the catalog of designated sensitive locations. The IR Department Head will work with other Department Heads to ensure the catalog is complete and accurate. The catalog will be reviewed on a periodic basis.
3.2 Information owners must identify the information under their control that requires protection from unauthorized disclosure. Such information may only be discussed within a designated sensitive location. Information owners are responsible for informing Department Heads of their information that is sensitive in nature and should not be discussed outside of a sensitive location.
3.3 Personal computing devices (including laptops, cell phones, and tablets) are prohibited from entering designated sensitive locations when discussions involving sensitive information take place. This includes using a personal device to connect to a virtual meeting where sensitive information may be discussed.
3.4 Visitors and contractors granted access to sensitive locations are subject to the same limitations as employees and contractors regarding personal computing devices entering sensitive locations.
4. Disciplinary Action
4.1 Failure to comply with this procedure may result in disciplinary action by the agency.
4.2 Consequences may include administrative actions, such as loss of access privileges, and/or disciplinary actions up to and including termination of employment.