USA - Illinois
530/1 through 530/25 are enforced by the Illinois Attorney General. Violations of the statute are considered unlawful practices under the Consumer Fraud and Deceptive Business Practices Act and as such are subject to all applicable penalties under the Act. To that end, covered entities that fail to comply with the statutory requirements are subject to both monetary and civil liability penalties. This includes: Injunction; The inability to conduct business within Illinois; Civil penalties up to $50,000; Additional penalties of $50,000 per violation; Additional penalties of $10,000 per violation for acts committed against a person 65 years or older. Legislative Scope of the proposed Illinois Data Protection and Privacy Act (HB3385) The proposed Data Protection and Privacy Act (“DPPA”) applies to any entity that alone or jointly with others determines the purposes and means of collecting, processing, or transferring covered data (“covered entity”). A covered entity does not include a federal, State, tribal, territorial, or local government entity, or an entity acting as a service provider to the aforementioned government entity. The definition also does not include nonprofits, national resource centers, or clearinghouses providing assistance to various vulnerable groups as defined further in the bill.
The DPPA provides that a covered entity may not collect, process, or transfer covered data unless the collection, processing, or transfer is limited to what is reasonably necessary and proportionate. Definition of covered data Under the DPPA, “covered data” refers to information, including derived data and unique identifiers that identifies or is linked to, alone in combination with other information, to an individual or a device that identifies or is linked to an individual. Covered data does not include de- identified data, employee data, or publicly available information.
https://www.mcdonaldhopkins.com/
Made with FlippingBook - PDF hosting