Texas Department of Housing & Community Affairs - Building Homes and Strengthening Communities

INSTRUCTIONS FOR USING
THE TDHCA INFORMATION SECURITY AND
PRIVACY AGREEMENT

The purpose of the TDHCA Information Security and Privacy Agreement (ISPA) is to ensure the security and privacy of Protected Information belonging to persons who do business with the Department. As described on this web page, the ISPA applies to organizations that contract with TDHCA and maintain Protected Information in their systems or facilities. Rule 10 TAC §1.24 is referenced on this web page. The Texas Administrative Code is available on the Texas Secretary of State website at https://www.sos.state.tx.us/tac/index.shtml.

  1. WHO NEEDS TO EXECUTE THE ISPA:

    Any Contractor, who creates or has access to Protected Information, as that term is defined in 10 TAC §1.24 (Information Security and Privacy Requirements), must execute and submit an ISPA. For a person who is a Contractor on account of having an existing CMTS Filing Agreement, it is the owner of the development that must sign the ISPA. An owner need only sign one ISPA to cover all of its TDHCA-monitored properties. Property management companies should not execute the ISPA unless they are both the owner and property manager. An executable form of the ISPA may be downloaded HERE.

  2. HOW DO I KNOW IF MY CONTRACT GIVES ME ACCESS TO PROTECTED INFORMATION?

    All of the types of Protected Information are defined in 10 TAC §1.24(b) (Definitions). They are listed here for convenience. Please refer to the rule for more detailed descriptions of each information type:

    • Criminal History Records Information
    • Financial Statements of a Tax Credit Applicant
    • Non-Public Personal Information
    • Personal Identifying Information
    • Personal or Business Financial Information
    • Protected Health Information
    • Sensitive Personal Information
    • Victims of Violence Information
    • Weatherization Assistance Program (WAP) Application and Participant Information

    (For help in clarifying whether information you create or access pursuant to your contract with the Department falls into one of the above categories, call Jeff Pender, Deputy General Counsel at (512) 475-4752.)

  3. TO WHOM SHOULD THE EXECUTED ISPA BE RETURNED?

    To Jeff Pender at jeff.pender@tdhca.state.tx.us. We will return a fully executed copy you.

  4. WHEN IS THE DEADLINE FOR SUBMITTING AN EXECUTED ISPA TO THE DEPARTMENT?
    • Contractors with contracts already in force and effect on July 29, 2019:
      No later than January 27, 2020
    • Contractors with Contracts that become effective after July 29, 2019:
      No later than the date the new contract is fully executed

NOTE: AN ISPA IS EFFECTIVE AS LONG AS YOU HAVE ACCESS TO ANY DEPARTMENT PROTECTED INFORMATION. IF YOU ENTER INTO AN ADDITIONAL CONTRACT WITH THE DEPARTMENT WHILE THE CURRENT ISPA IS IN EFFECT, THERE IS NO NEED TO EXECUTE ANOTHER ISPA TO COVER YOUR ACTIVITIES UNDER THE NEW CONTRACT