USA - Illinois
universities, financial institutions, and retail operators. Definition of personal information Under PIPA, “personal information” is defined as an individual’s first name or first initial and last name in combination with any one or more of the following data elements when not encrypted or redacted: Social Security number. Driver's license number or State identification card number. Account number or credit or debit card number, or an account number or credit card number in combination with any required security code, access code, or password that would permit access to an individual's financial account. Medical information. Health insurance information. Unique biometric data generated from measurements or technical analysis of human body characteristics used by the owner or licensee to authenticate an individual, such as a fingerprint, retina or iris image, or other unique physical representation or digital representation of biometric data. Personal information also includes a user name or email address, in combination with a password or security question and answer that would permit access to an online account.
Privacy Act (HB3385) was introduced by Rep. Abdelnasser Rashid in the 2023 House session. If passed, the bill would implement data minimization practices. Additionally, the bill outlines data subjects’ rights, including the right to access, rectification, deletion, data portability, and object to data processing. The bill also includes protections for minors, including a prohibition against engaging in targeted advertising if the covered entity is aware that the individual is a minor, or transferring the data of a minor to a third party without express consent from a parent or guardian. The bill further addresses the establishment of more practical data security practices, such as employee trainings. If passed, the bill would provide significant protections to Illinois residents. Legislative Scope of the Illinois Personal Information Protection Act (815 ILCS 530/) The Illinois general data breach notification statute, PIPA, applies to any data collector that owns or licenses computerized personal information concerning an Illinois resident (“covered entity”). A data collector is any entity that handles, collects, disseminates, or otherwise deals with nonpublic personal information for any purpose, including but not limited to corporations, government agencies,
https://www.mcdonaldhopkins.com/
Made with FlippingBook - PDF hosting