USA - Illinois
Under the bill, a covered entity may not collect, process, or transfer data in a discriminatory manner.

Data storage and retention timelines

Covered data must be disposed of when it is no longer necessary for the purpose for which it was collected, processed, or transferred, unless an individual has provided affirmative express consent to retention. Such disposal includes permanently destroying or otherwise modifying the data to make it permanently indecipherable.

Data protection and security practices and procedures

The DPPA would require a covered entity to establish, implement, and maintain reasonable data security practices to protect the covered data against unauthorized access or acquisition. If passed, practices should include:

Identifying and assessing material risks and vulnerabilities in security systems;
Taking preventative corrective actions to mitigate foreseeable risks;
Disposing of covered data when it is no longer necessary for the purpose for which it was collected, processed, or transferred, unless affirmative express consent was obtained for additional retention;
Providing employee training to safeguard covered data;
Designating an officer to maintain and implement practices;
Implementing procedures to detect, respond to, and recover from security incidents.

Minors’ Data

A covered entity would not be permitted to engage in targeted advertising to known minors. Moreover, under the bill, a covered entity may not transfer covered data of a covered minor to a third party without affirmative express consent of the minor’s guardian, with some exceptions.
https://www.mcdonaldhopkins.com/