justice scale justice scale justice scale

McKenna Minutes

“The life of the law has not been logic; it has been experience.”

-Oliver Wendell Holmes, Jr.

Illinois Legislature Debates Stronger Data Breach Notification Law


Proposed legislation currently under consideration by the Illinois General Assembly would amend Illinois’ Personal Information Protection Act (PIPA) by expanding the law’s definition of personal information and by requiring new disclosure and security requirements on data collectors. Senate Bill 1833 passed the Illinois State Senate on April 21, 2015 by a 35-13 vote. On May 19, 2015, the House Judiciary Committee recommended the bill for adoption. The bill is currently awaiting consideration by the full House.

PIPA was originally passed in 2005. It requires entities that suffer a data breach to notify Illinois residents if the breached information includes residents’ drivers’ license numbers, social security numbers or financial account information. Illinois Attorney General Lisa Madigan is now seeking to strengthen the law due to the increased frequency and sophistication of data breaches since the law was first enacted. "In the last several years, data breaches have become far too frequent," Madigan said. "It is imperative that we strengthen the state's data breach notification laws to ensure that people are informed of breaches so they can take steps to minimize the risk of identity theft."

Senate Bill 1833, drafted by Attorney General Madigan, expands the types of information that trigger breach notifications when accessed without authorization. The expanded definition includes medical information outside of federal privacy laws, biometric data, sensitive consumer marketing data, and contact information when combined with identifying information and login credentials for online accounts. Along with the expanded definition of personal information requiring notification, covered entities also must take reasonable steps to protect information, post a privacy policy and notify the Illinois Attorney General following a breach. Madigan plans to take this information and create a website listing every data breach that affects Illinois residents. The proposed changes will give Illinois one of the strongest data breach notification laws in the country.

We will continue to monitor the status of this bill and will report on any future developments.

Categories Legal Updates Privacy and Data Security Litigation

One Response to “Illinois Legislature Debates Stronger Data Breach Notification Law”

  1. Illinois Governor Vetoes Amendment to Data Breach Law | McKenna Storer

    […] Bill 1833 (SB 1833), the proposed amendment to Illinois’ Personal Information Protection Act. As previously discussed in this blog, SB 1833 seeks to strengthen Illinois’ data breach notification law by expanding the types of […]

Leave a Reply

You must be logged in to post a comment.

Here to help with whatever your legal issues may be, schedule your no-obligation consultation or Simply Call us at.
Chicago: (312) 558-3900 or Woodstock: (815) 334-9694

  • Hidden
  • Hidden

Please do not send confidential information via email. The sending of information by you, and the receipt of it by McKenna Storer, is not intended to, and does not create a lawyer-client relationship.

Privacy Policy | Sitemap © 2021 McKenna Storer
Show Buttons
Hide Buttons