USA - Illinois
“Sensitive covered data” refers to the following: A government-issued identifier, such as a Social Security number, passport number, or driver's license number; Any information that describes or reveals the health condition or diagnosis of an individual; Financial account number or credit or debit card number; Precise geolocation information; Private communications such as text messages; Account or device log-in credentials; Information identifying sexual behaviour; Calendar information, address book information, audio recordings, or videos maintained for private use, regardless of what information is contained therein; Photos or videos showing nudity or partial nudity of an individual; Information revealing the video content requested or selected by an individual collected by a covered entity that is not a provider of a service; Information about an individual when the covered entity or service provider knows the individual is a covered minor; Race, color, ethnicity, religion, or union membership; Information identifying an individual’s online activity over time and across websites; Biometric information; Genetic information;
Any other covered data collected, processed, or transferred for the purpose of identifying the types of covered data described above. Extra-territorial application If passed, the DPPA would apply to covered entities that collect, process, or transfer covered data of Illinois residents, regardless of the location of the entity. Legislative Framework Requirements for Data Collection, Processing, or Transfer Should the DPPA pass, it would only allow for the collection, processing, or transfer of covered data to the extent it is reasonably necessary and proportionate to provide a specific product or service requested by the individual. The bill describes specific scenarios in which data collection, processing, or transfer would be legitimate. The DPPA also prohibits a covered entity from transferring covered data without obtaining an individual’s affirmative express consent. Moreover, an individual must have the means to withdraw any affirmative express consent previously provided with respect to the processing or transfer of covered data. Notwithstanding this, a covered entity that directly engages in collection, processing, or transfer activities enumerated in the bill need not allow opt-out mechanisms.
https://www.mcdonaldhopkins.com/
Made with FlippingBook - PDF hosting