Proposed legislation currently under consideration by the Illinois General Assembly would amend Illinois’ Personal Information Protection Act (PIPA) by expanding the law’s definition of personal information and by requiring new disclosure and security requirements on data collectors. Senate Bill 1833 passed the Illinois State Senate on April 21, 2015 by a 35-13 vote. On May 19, 2015, the House Judiciary Committee recommended the bill for adoption. The bill is currently awaiting consideration by the full House.
PIPA was originally passed in 2005. It requires entities that suffer a data breach to notify Illinois residents if the breached information includes residents’ drivers’ license numbers, social security numbers or financial account information. Illinois Attorney General Lisa Madigan is now seeking to strengthen the law due to the increased frequency and sophistication of data breaches since the law was first enacted. “In the last several years, data breaches have become far too frequent,” Madigan said. “It is imperative that we strengthen the state’s data breach notification laws to ensure that people are informed of breaches so they can take steps to minimize the risk of identity theft.”
We will continue to monitor the status of this bill and will report on any future developments.