Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

Illinois
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable delay

FINES & PENALTIES – Violations
$100 up to $50,000

Legal

Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

Illinois Privacy Law Information

PRIVACY PROGRAM

Organizations must contract with Vendors if they disclose personal information including data disposal vendors. Organizations and their contracted vendors must implement and maintain reasonable security measures to protect personal information from unauthorized access, acquisition, destruction, use, modification, or disclosure and must have measures in place for the secure disposal of personal information making so it cannot be read or reconstructed. Organizations in possession of biometric identifiers must ensure measures are in place for the storage, disclosure and protection of biometric identifiers. In addition, they must have a publicly available written policy that states their retention schedule and disposal guidelines.

CONSUMER RIGHTS

Sector-specific regulations provide for an individual’s right to access their personal information. A private right of action can be brought with fines up to $5,000 or actual damages for violations of the Biometric Information Privacy Act.

BREACH REPORTING

Organizations that experience a breach, internally or through a third party, are responsible for all regulatory reporting and consumer notification for breaches of personal information involving more than 500 Illinois residents. Reporting must be submitted to the Attorney General without delay, but no later than when the breach notification is provided to affected consumers. Reporting must include the nature of the breach, the number of affected residents and any mitigation actions. Vendors must notify Organizations upon discovery of a breach or suspected breach. Vendors must cooperate with Organizations and provide all necessary information relative to the breach or suspected breach.

CONSUMER NOTIFICATION

If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

INDUSTRY SPECIFIC LAWS

Vendors contracted to dispose of an Organization’s records containing personal information must maintain policies and procedures for the protection of the records from unauthorized access, acquisition, or use while in the Vendor’s possession and during disposal.

FINES & PENALTIES

Violations of the Personal Information Protection regulations constitute an unlawful practice under the Illinois Consumer Fraud and Deceptive Business Practices Act. Violations of the disposal regulations may result in a civil penalty of up to $100 for each affected individual, up to $50,000 for each instance of improper disposal. The Attorney General may publish the names of organizations who experience a data breach, type of information involved, including data range. Organizations may be fined or penalized for Vendor violations.

Illinois Statutes and Laws

105 ILCS 10

Illinois School Students Records Act

105 ILCS 85

Student Online Personal Protection Act

740 ILCS 14

Biometric Information Privacy Act

815 ILCS 505

Consumer Fraud and Deceptive Business Practices Act

815 ILCS 530

Personal Information Protection Act

815 ILCS 530/10

Notice of breach

815 ILCS 530/40

Disposal of materials containing personal information; Attorney General

815 ILCS 530/45

Data security

815 ILCS 530/50

Entities subject to the federal Health Insurance Portability and Accountability Act of 1996

DISCLAIMER

The information provided is not legal guidance or recommendations and are for informational purposes only.