Sen. Daniel Biss

Filed: 4/10/2015

 

 


 

 


 
09900SB1833sam001LRB099 09064 JLS 33138 a

1
AMENDMENT TO SENATE BILL 1833

2    AMENDMENT NO. ______. Amend Senate Bill 1833 on page 3,
3line 2, by changing "obtained" to "acquired without
4authorization"; and
 
5on page 4, line 14, by changing "information" to "information,
6excluding geolocation information and consumer marketing
7information,"; and
 
8on page 4 by replacing lines 23 through 25 with the following:
9"not be limited to, information as follows:
10        (1) With respect to personal information as defined in
11    Section 5 in paragraph (1) of the definition of "personal
12    information":
13            (A) (i) the toll-free numbers and addresses for
14        consumer reporting agencies; ,
15            (B) (ii) the toll-free number, address, and
16        website address for the Federal Trade Commission; , and

 

 

09900SB1833sam001- 2 -LRB099 09064 JLS 33138 a

1            (C) (iii) a statement that the individual can
2        obtain information from these sources about fraud
3        alerts and security freezes.
4        The notification shall not, however, include
5    information concerning the number of Illinois residents
6    affected by the breach.
7        (2) With respect to personal information defined in
8    Section 5 in paragraph (2) of the definition of "personal
9    information", notice may be provided in electronic or other
10    form directing the Illinois resident whose personal
11    information has been breached to promptly change his or her
12    username or password and security question or answer, as
13    applicable, or to take other steps appropriate to protect
14    all online accounts for which the resident uses the same
15    user name or email address and password or security
16    question and answer."; and
 
17on page 5 by deleting lines 1 through 5; and
 
18on page 7 by replacing lines 13 through 16 with the following:
19        "(1) Any data collector that suffers a breach of the
20    security of the data concerning the personal information of
21    more than 250 Illinois residents shall provide notice to
22    the Attorney General of the"; and
 
23on page 7, line 24, by replacing "14" with "30"; and
 

 

 

09900SB1833sam001- 3 -LRB099 09064 JLS 33138 a

1on page 8 by replacing lines 8 through 10 with the following:
2"personal information that suffers a breach of the security of
3the data concerning the personal information of more than 250
4Illinois residents shall notify the Attorney"; and
 
5on page 8, line 21, by changing "14" to "30"; and
 
6on page 9 by inserting immediately below line 2 the following:
7    "(f) A data collector that suffers a breach subject to the
8breach notification standards established pursuant to the
9federal Health Information Technology Act, 42 U.S.C. Section
1017932, shall be deemed to be in compliance with the provisions
11of this Section if that data collector does the following: (1)
12provides notification to individuals in compliance with the
13federal Health Information Technology Act and implementing
14regulations and (2) provides notification to the Attorney
15General pursuant to subsection (e)."; and
 
16on page 9 by inserting immediately below line 25 the following:
17    "(d) A data collector that is subject to and in compliance
18with the security standards for the protection of electronic
19health information, 45 C.F.R. Parts 160 and 164, established
20pursuant to the federal Health Insurance Portability and
21Accountability Act of 1996 shall be deemed to be in compliance
22with the provisions of this Section.

 

 

09900SB1833sam001- 4 -LRB099 09064 JLS 33138 a

1    (e) A data collector that is subject to and in compliance
2with the standards established pursuant to Section 501(b) of
3the Gramm-Leach-Bliley Act of 1999, 15 U.S.C. Section 6801,
4shall be deemed to be in compliance with the provisions of this
5Section.".