On May 27, 2019, the Illinois General Assembly voted 79-32 to approve Senate Bill 1624, an amendment to the Personal Information Protection Act (“PIPA”). The bill’s sponsor, Senator Suzy Glowiak (D), expects Illinois Governor J.B. Pritzker (D) to sign the bill into law in short order. The amendment had already unanimously passed the state Senate last month.
Section 10 of PIPA requires any government agency, public and private university, publicly or privately held corporation, financial institution or retail operator that handles, collects, disseminates, or otherwise deals with non-public personal information to notify affected Illinois residents following a data breach. The amendment strengthens those obligations by requiring data collectors to also notify the Office of the Attorney General of any breach affecting more than 500 Illinois residents.
Under the amendment, data collectors must provide the Attorney General with a description of the breach, the number of affected residents and details of any steps taken related to the incident. The amendment grants the Attorney General authority to publish the name of the data collector, the types of personal information compromised and other relevant information that will further ensure that residents are notified of the breach in a timely manner.
Senator Glowiak explained that increased notification requirements help to ensure that consumers are aware of the risks and have ample time to change their passwords or close accounts. She continued, “companies store our sensitive information on their servers. If this information gets in the hands of cybercriminals, consumers can end up dealing with years of identity theft and financial loss. Such breaches should be reported immediately for the same reasons that burglaries or car accidents should.”