Press "Enter" to skip to content

Illinois Legislature Passes Amendments to Data Breach Notification Law

On June 25, the Illinois Legislature sent Senate Bill 1624 to Gov. J. B. Pritzker.  The legislation adds a requirement to Illinois’ data breach notification law to notify the attorney general in the event of certain data breaches.  The bill will become law if not returned by the governor by Aug. 24, 2019.

The legislation would amend the Personal Information Protection Act, 815 ILCS 530/10, by requiring that any data collector who must inform more than 500 Illinois residents of a data breach also provide notice to the attorney general describing:

  1. the nature of the breach;
  2. the number of affected residents; and
  3. any steps taken or intended to be taken.

The notice must be provided “in the most expedient time possible and without unreasonable delay but in no event later than when the data collector provides notice to consumers pursuant to this Section.”

Under existing law, if the data collector owns or licenses personal information, notice of the breach must be provided “in the most expedient time possible and without unreasonable delay . . .”  815/ILCS 530/10(a).  If the data collector maintains or stores, but does not own or license the computerized data that includes personal information, notice of the breach must be given “immediately after discovery.” 815/ILCS 530/10(b).

The legislation allows the attorney general to “publish the name of the data collector that suffered the breach, the types of personal information compromised in the breach, and the date range of the breach.”

Print Friendly, PDF & Email

Eric Rosenkoetter is a principal at Maurice Wutscher LLP, and is focused on advising clients with respect to federal and state consumer financial protection laws and data privacy and security, and he is a Certified Information Privacy Professional though the International Association of Privacy Professionals. He also brings to the table experience as a litigator, chief compliance and ethics officer, director of legislative affairs, federal lobbyist, and administrative hearings officer. Eric earned his Juris Doctor from Washington University School of Law, and his Bachelor of Business Administration from Southern Methodist University. He is a member of the International Association of Privacy Professionals, the Receivables Management Association International (RMAI), and ACA International. He is admitted to practice law in Texas and Missouri and in the U.S. District Courts for the Northern, Southern, Eastern, and Western Districts of Texas. For more information, see https://mauricewutscher.com/attorneys/eric-rosenkoetter/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.