Illinois
| Personal Information Protection Act | |
|---|---|
| CITATION | Illinois Compiled Statutes: § 530/1 et seq. |
| ENACTED | 2005 |
| SUMMARY | Any data collector that owns or licenses personal information concerning an Illinois resident shall notify the resident that there has been a breach of the security of the system data following discovery or notification of the breach. The disclosure notification shall be made in the most expedient time possible and without unreasonable delay, consistent with any measures necessary to determine the scope of the breach and restore the reasonable integrity, security, and confidentiality of the data system. Any data collector that maintains computerized data that includes personal information that the data collector does not own or license shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. |
| DATA COVERED |
Definition of Personal Information: An individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted:
|
| INDUSTRY | The law applies to all ‘Data Collectors’. A Data Collector is defined as government agencies, public and private universities, institutions, retail operators, and any other entity that, for any purpose, handles, collects, disseminates, or otherwise deals with nonpublic personal information. |
| PENALTIES | A violation constitutes an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act. A plaintiff may obtain an injunction, costs and attorneys’ fees. |
