Topic:
Illinois Personal Information Protection Act
(Burke, D-Oak Lawn; Maloney, D-Chicago) requires entities that suffer security breaches to notify affected individuals without unreasonable delay. The law now includes several specific requirements for those breach notification letters. “The disclosure notification to an Illinois resident shall include, but need not be limited to, (i) the toll-free numbers and addresses for consumer reporting agencies, (ii) the toll-free number, address, and website address for the Federal Trade Commission, and (iii) a statement that the individual can obtain information from these sources about fraud alerts and security freezes. The notification shall not, however, include information concerning the number of Illinois residents affected by the breach.” The Act also requires entities to properly dispose of paper documents and electronic data in such a way as to render personal information unreadable or indecipherable. State and local government agencies are subject to the requirements of this Act. Effective January 1, 2012.