Topic:
Personal Information Protection Act
(Biss, D-Skokie; Williams, D-Chicago) will expand the type of information that triggers a breach notification to consumers, including medical information outside of federal privacy laws, biometric data, contact information if combined with identifying information, and login credentials for online accounts. The bill also requires entities holding sensitive information to take “reasonable” steps to protect the information, to post a privacy policy describing their data collection practices, and to notify the Attorney General’s office when breaches occur. Entities will also have to notify the Attorney General’s Office in the event of a breach of geolocation information or consumer marketing information. Passed both chambers.