ILN Data Privacy Paper

USA - Illinois

If passed, the DPPA would enable the Attorney General to adopt rules for purposes of carrying out the Act. This would include adjusting definitions, updating or adding categories to definitions, establishing rules and procedures to facilitate an individual’s ability to delete or correct covered data, and establishing additional exceptions to protect the rights of individuals. Additionally, any person subject to a violation of the DPPA could bring a civil action against the violating entity. If the plaintiff prevails, the court may award the plaintiff compensatory, liquidated or punitive damages. In addition, a court could award injunctive relief, declaratory relief, and/or attorney’s fees. Consequences of non-compliance The Attorney General, State’s Attorney, or municipality’s attorney may bring a civil action against any covered entity that violates the DPPA. Penalties include: Enjoining violating acts; Enforcing compliance with the DPPA; Obtaining damages, civil penalties, restitution, or other compensation on behalf of residents of Illinois; Obtaining reasonable attorneys’ fees or other litigation costs. Regulatory Authorities

Designating maintain

an

officer

to

and

implement

practices; Implementing procedures to detect, respond to, and recover from security incidents. Minors’ Data A covered entity would not be permitted to engage in targeted advertising to known minors. Moreover, under the bill, a covered entity may not transfer covered data of a covered minor to a third party without affirmative express consent of the minor’s guardian, with some exceptions.

https://www.mcdonaldhopkins.com/

Made with FlippingBook - PDF hosting