USA - Illinois A data collector that owns or licenses personal information concerning an Illinois resident is responsible for securely maintaining that information, and notify the resident in the event of a breach of the security of the system data following discovery of the breach. The notification must be made expediently and without unreasonable delay. Notice to individuals may be provided in one of the following ways: Written notice; Electronic notice, if it is consistent with the provisions regarding electronic records and signatures for notices legally required to be in writing as set forth in Section 7001 of Title 15 of the United States Code; or Substitute notice, if the data collector can demonstrate that the cost of providing notice would exceed $250,000 or if the notice population exceeds 500,000. Substitute notice can also be provided in the event the data collector does not have sufficient contact information. Substitute notice can include: o Email notice; o Conspicuous notice posted on the data collector’s web page; or o Notification to major state wide media, or local media if the breach impacts residents in one geographic area. Notification to more than 500 Illinois residents as a result of a single breach requires the covered entity
provide notice to the Attorney General. Such notification must include a description of the breach, the number of Illinois residents impacted, and steps the data collector has taken in relation to the incident. The Attorney General may make this information public. State Agency PIPA contemplates the roles and responsibilities of state agencies. Under the statute, any State agency that collects personal information concerning an Illinois resident is required to provide notice in the event of a breach of the security of the system data or written material following discovery of the breach. The notification must be made expediently and without unreasonable delay. Any State agency that notifies more than 1,000 individuals in connection with a single breach is required to notify all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis, as defined by 15 U.S.C. Section 1681a(p). Further, any State agency that suffers a single breach of the security of the data concerning the personal information of more than 250 Illinois residents must provide notice to the Attorney General with the information described above. Regulatory Authorities and consequences of non-compliance The provisions set forth in 815 ILCS §§
https://www.mcdonaldhopkins.com/
Made with FlippingBook - PDF hosting