On June 25, the Illinois Legislature sent Senate Bill 1624 to Gov. J. B. Pritzker. The legislation adds a requirement to Illinois’ data breach notification law to notify the attorney general in the event of certain data breaches. The bill will become law if not returned by the governor by Aug. 24, 2019.
The legislation would amend the Personal Information Protection Act, 815 ILCS 530/10, by requiring that any data collector who must inform more than 500 Illinois residents of a data breach also provide notice to the attorney general describing:
the nature of the breach;
the number of affected residents; and
any steps taken or intended to be taken.
The notice must be provided “in the most expedient time possible and without unreasonable delay but in no event later than when the data collector provides notice to consumers pursuant to this Section.”
Under existing law, if the data collector owns or licenses personal information, notice of the breach must be provided “in the most expedient time possible and without unreasonable delay . . .” 815/ILCS 530/10(a). If the data collector maintains or stores, but does not own or license the computerized data that includes personal information, notice of the breach must be given “immediately after discovery.” 815/ILCS 530/10(b).
The legislation allows the attorney general to “publish the name of the data collector that suffered the breach, the types of personal information compromised in the breach, and the date range of the breach.”
Eric Rosenkoetter is a principal at Maurice Wutscher LLP, where he provides counsel to businesses and consumer financial services firms nationwide. For many years, he has focused his practice on various aspects of financial services law. As a litigation attorney, he has conducted every aspect of the litigation process, including countless depositions, motion proceedings, bench and jury trials, and appeals in various courts. In addition, he has significant experience as a compliance and transactional attorney, providing strategic, business growth, legislative, compliance and regulatory advice to national corporations and trade associations. For example, he has drafted consumer contracts and disclosures designed to state-specific statutory requirements, and developed “Best Practices” guides and state-by-state compliance grids, for national financial services companies. He also conducted research and crafted a metrics report for a national trade association with analysis designed to counter the claims of advocacy groups. Eric’s experience also includes working for a national corporation as Executive Counsel, Chief Compliance and Ethics Officer, and Director of Legislative Affairs, and as a federal lobbyist and Director of Government and Public Affairs for a national financial services trade association. In the government sector, Eric presided over approximately 6,000 state administrative hearings, served as a staff attorney for the Missouri Senate, and handled litigation in 33 counties as a regional managing attorney. Eric frequently speaks to audiences on topics relevant to the financial services industry including regulatory compliance, data privacy law and related advocacy initiatives. For more information, see https://mauricewutscher.com/attorneys/eric-rosenkoetter/
On June 25, the Illinois Legislature sent Senate Bill 1624 to Gov. J. B. Pritzker. The legislation adds a requirement to Illinois’ data breach notification law to notify the attorney general in the event of certain data breaches. The bill will become law if not returned by the governor by Aug. 24, 2019.