Proposed legislation currently under consideration by the Illinois General Assembly would amend Illinois’ Personal Information Protection Act (PIPA) by expanding the law’s definition of personal information and by requiring new disclosure and security requirements on data collectors. Senate Bill 1833 passed the Illinois State Senate on April 21, 2015 by a 35-13 vote. On May 19, 2015, the House Judiciary Committee recommended the bill for adoption. The bill is currently awaiting consideration by the full House.
PIPA was originally passed in 2005. It requires entities that suffer a data breach to notify Illinois residents if the breached information includes residents’ drivers’ license numbers, social security numbers or financial account information. Illinois Attorney General Lisa Madigan is now seeking to strengthen the law due to the increased frequency and sophistication of data breaches since the law was first enacted. “In the last several years, data breaches have become far too frequent,” Madigan said. “It is imperative that we strengthen the state’s data breach notification laws to ensure that people are informed of breaches so they can take steps to minimize the risk of identity theft.”
Senate Bill 1833, drafted by Attorney General Madigan, expands the types of information that trigger breach notifications when accessed without authorization. The expanded definition includes medical information outside of federal privacy laws, biometric data, sensitive consumer marketing data, and contact information when combined with identifying information and login credentials for online accounts. Along with the expanded definition of personal information requiring notification, covered entities also must take reasonable steps to protect information, post a privacy policy and notify the Illinois Attorney General following a breach. Madigan plans to take this information and create a website listing every data breach that affects Illinois residents. The proposed changes will give Illinois one of the strongest data breach notification laws in the country.
We will continue to monitor the status of this bill and will report on any future developments.
