101ST GENERAL ASSEMBLY State of Illinois 2019 and 2020 HB4444   Introduced 2/3/2020, by Rep. Jaime M. Andrade, Jr.   SYNOPSIS AS INTRODUCED:   5 ILCS 140/7   from Ch. 116, par. 207 20 ILCS 1370/1-65 new 20 ILCS 1370/1-70 new 20 ILCS 1370/1-75 new 20 ILCS 1375/5-25 20 ILCS 1375/5-30 new 30 ILCS 105/5.930 new 30 ILCS 500/55-25 new     Amends the Freedom of Information Act. Modifies the exemptions from inspection and copying concerning cybersecurity vulnerabilities. Amends the Department of Innovation and Technology Act. Authorizes the Department of Innovation and Technology to accept grants and donations. Creates the Technology, Education, and Cybersecurity Fund as a special fund in the State treasury to be used by the Department of Innovation and Technology to promote and effectuate information technology activities. Requires a local government official or employee to be chosen to act as the primary point of contact for local cybersecurity issues. Amends the Illinois Information Security Improvement Act. Requires the Secretary of Innovation and Technology to establish a cybersecurity liaison program to advise and assist units of local government and school districts concerning specified cybersecurity issues. Provides for cybersecurity training for employees of counties, municipalities, and school districts. Amends the Illinois Procurement Code. Provides that State agencies are prohibited from purchasing any products that, due to cybersecurity risks, are prohibited for purchase by federal agencies pursuant to a United States Department of Homeland Security Binding Operational Directive. Amends the State Finance Act to provide for the Technology, Education, and Cybersecurity Fund. LRB101 19389 RJF 68861 b FISCAL NOTE ACT MAY APPLY     A BILL FOR
HB4444 LRB101 19389 RJF 68861 b
1		AN ACT concerning State government.
2		Be it enacted by the People of the State of Illinois,
3		represented in the General Assembly:
4		Section 5. The Freedom of Information Act is amended by
5		changing Section 7 as follows:
6		(5 ILCS 140/7)  (from Ch. 116, par. 207)
7		Sec. 7. Exemptions.
8		(1) When a request is made to inspect or copy a public
9		record that contains information that is exempt from disclosure
10		under this Section, but also contains information that is not
11		exempt from disclosure, the public body may elect to redact the
12		information that is exempt. The public body shall make the
13		remaining information available for inspection and copying.
14		Subject to this requirement, the following shall be exempt from
15		inspection and copying:
16		(a) Information specifically prohibited from
17		disclosure by federal or State law or rules and regulations
18		implementing federal or State law.
19		(b) Private information, unless disclosure is required
20		by another provision of this Act, a State or federal law or
21		a court order.
22		(b-5) Files, documents, and other data or databases
23		maintained by one or more law enforcement agencies and

HB4444 - 2 - LRB101 19389 RJF 68861 b
1		specifically designed to provide information to one or more
2		law enforcement agencies regarding the physical or mental
3		status of one or more individual subjects.
4		(c) Personal information contained within public
5		records, the disclosure of which would constitute a clearly
6		unwarranted invasion of personal privacy, unless the
7		disclosure is consented to in writing by the individual
8		subjects of the information. "Unwarranted invasion of
9		personal privacy" means the disclosure of information that
10		is highly personal or objectionable to a reasonable person
11		and in which the subject's right to privacy outweighs any
12		legitimate public interest in obtaining the information.
13		The disclosure of information that bears on the public
14		duties of public employees and officials shall not be
15		considered an invasion of personal privacy.
16		(d) Records in the possession of any public body
17		created in the course of administrative enforcement
18		proceedings, and any law enforcement or correctional
19		agency for law enforcement purposes, but only to the extent
20		that disclosure would:
21		(i) interfere with pending or actually and
22		reasonably contemplated law enforcement proceedings
23		conducted by any law enforcement or correctional
24		agency that is the recipient of the request;
25		(ii) interfere with active administrative
26		enforcement proceedings conducted by the public body

HB4444 - 3 - LRB101 19389 RJF 68861 b
1		that is the recipient of the request;
2		(iii) create a substantial likelihood that a
3		person will be deprived of a fair trial or an impartial
4		hearing;
5		(iv) unavoidably disclose the identity of a
6		confidential source, confidential information
7		furnished only by the confidential source, or persons
8		who file complaints with or provide information to
9		administrative, investigative, law enforcement, or
10		penal agencies; except that the identities of
11		witnesses to traffic accidents, traffic accident
12		reports, and rescue reports shall be provided by
13		agencies of local government, except when disclosure
14		would interfere with an active criminal investigation
15		conducted by the agency that is the recipient of the
16		request;
17		(v) disclose unique or specialized investigative
18		techniques other than those generally used and known or
19		disclose internal documents of correctional agencies
20		related to detection, observation or investigation of
21		incidents of crime or misconduct, and disclosure would
22		result in demonstrable harm to the agency or public
23		body that is the recipient of the request;
24		(vi) endanger the life or physical safety of law
25		enforcement personnel or any other person; or
26		(vii) obstruct an ongoing criminal investigation

HB4444 - 4 - LRB101 19389 RJF 68861 b
1		by the agency that is the recipient of the request.
2		(d-5) A law enforcement record created for law
3		enforcement purposes and contained in a shared electronic
4		record management system if the law enforcement agency that
5		is the recipient of the request did not create the record,
6		did not participate in or have a role in any of the events
7		which are the subject of the record, and only has access to
8		the record through the shared electronic record management
9		system.
10		(e) Records that relate to or affect the security of
11		correctional institutions and detention facilities.
12		(e-5) Records requested by persons committed to the
13		Department of Corrections, Department of Human Services
14		Division of Mental Health, or a county jail if those
15		materials are available in the library of the correctional
16		institution or facility or jail where the inmate is
17		confined.
18		(e-6) Records requested by persons committed to the
19		Department of Corrections, Department of Human Services
20		Division of Mental Health, or a county jail if those
21		materials include records from staff members' personnel
22		files, staff rosters, or other staffing assignment
23		information.
24		(e-7) Records requested by persons committed to the
25		Department of Corrections or Department of Human Services
26		Division of Mental Health if those materials are available

HB4444 - 5 - LRB101 19389 RJF 68861 b
1		through an administrative request to the Department of
2		Corrections or Department of Human Services Division of
3		Mental Health.
4		(e-8) Records requested by a person committed to the
5		Department of Corrections, Department of Human Services
6		Division of Mental Health, or a county jail, the disclosure
7		of which would result in the risk of harm to any person or
8		the risk of an escape from a jail or correctional
9		institution or facility.
10		(e-9) Records requested by a person in a county jail or
11		committed to the Department of Corrections or Department of
12		Human Services Division of Mental Health, containing
13		personal information pertaining to the person's victim or
14		the victim's family, including, but not limited to, a
15		victim's home address, home telephone number, work or
16		school address, work telephone number, social security
17		number, or any other identifying information, except as may
18		be relevant to a requester's current or potential case or
19		claim.
20		(e-10) Law enforcement records of other persons
21		requested by a person committed to the Department of
22		Corrections, Department of Human Services Division of
23		Mental Health, or a county jail, including, but not limited
24		to, arrest and booking records, mug shots, and crime scene
25		photographs, except as these records may be relevant to the
26		requester's current or potential case or claim.

HB4444 - 6 - LRB101 19389 RJF 68861 b
1		(f) Preliminary drafts, notes, recommendations,
2		memoranda and other records in which opinions are
3		expressed, or policies or actions are formulated, except
4		that a specific record or relevant portion of a record
5		shall not be exempt when the record is publicly cited and
6		identified by the head of the public body. The exemption
7		provided in this paragraph (f) extends to all those records
8		of officers and agencies of the General Assembly that
9		pertain to the preparation of legislative documents.
10		(g) Trade secrets and commercial or financial
11		information obtained from a person or business where the
12		trade secrets or commercial or financial information are
13		furnished under a claim that they are proprietary,
14		privileged, or confidential, and that disclosure of the
15		trade secrets or commercial or financial information would
16		cause competitive harm to the person or business, and only
17		insofar as the claim directly applies to the records
18		requested.
19		The information included under this exemption includes
20		all trade secrets and commercial or financial information
21		obtained by a public body, including a public pension fund,
22		from a private equity fund or a privately held company
23		within the investment portfolio of a private equity fund as
24		a result of either investing or evaluating a potential
25		investment of public funds in a private equity fund. The
26		exemption contained in this item does not apply to the

HB4444 - 7 - LRB101 19389 RJF 68861 b
1		aggregate financial performance information of a private
2		equity fund, nor to the identity of the fund's managers or
3		general partners. The exemption contained in this item does
4		not apply to the identity of a privately held company
5		within the investment portfolio of a private equity fund,
6		unless the disclosure of the identity of a privately held
7		company may cause competitive harm.
8		Nothing contained in this paragraph (g) shall be
9		construed to prevent a person or business from consenting
10		to disclosure.
11		(h) Proposals and bids for any contract, grant, or
12		agreement, including information which if it were
13		disclosed would frustrate procurement or give an advantage
14		to any person proposing to enter into a contractor
15		agreement with the body, until an award or final selection
16		is made. Information prepared by or for the body in
17		preparation of a bid solicitation shall be exempt until an
18		award or final selection is made.
19		(i) Valuable formulae, computer geographic systems,
20		designs, drawings and research data obtained or produced by
21		any public body when disclosure could reasonably be
22		expected to produce private gain or public loss. The
23		exemption for "computer geographic systems" provided in
24		this paragraph (i) does not extend to requests made by news
25		media as defined in Section 2 of this Act when the
26		requested information is not otherwise exempt and the only

HB4444 - 8 - LRB101 19389 RJF 68861 b
1		purpose of the request is to access and disseminate
2		information regarding the health, safety, welfare, or
3		legal rights of the general public.
4		(j) The following information pertaining to
5		educational matters:
6		(i) test questions, scoring keys and other
7		examination data used to administer an academic
8		examination;
9		(ii) information received by a primary or
10		secondary school, college, or university under its
11		procedures for the evaluation of faculty members by
12		their academic peers;
13		(iii) information concerning a school or
14		university's adjudication of student disciplinary
15		cases, but only to the extent that disclosure would
16		unavoidably reveal the identity of the student; and
17		(iv) course materials or research materials used
18		by faculty members.
19		(k) Architects' plans, engineers' technical
20		submissions, and other construction related technical
21		documents for projects not constructed or developed in
22		whole or in part with public funds and the same for
23		projects constructed or developed with public funds,
24		including, but not limited to, power generating and
25		distribution stations and other transmission and
26		distribution facilities, water treatment facilities,

HB4444 - 9 - LRB101 19389 RJF 68861 b
1		airport facilities, sport stadiums, convention centers,
2		and all government owned, operated, or occupied buildings,
3		but only to the extent that disclosure would compromise
4		security.
5		(l) Minutes of meetings of public bodies closed to the
6		public as provided in the Open Meetings Act until the
7		public body makes the minutes available to the public under
8		Section 2.06 of the Open Meetings Act.
9		(m) Communications between a public body and an
10		attorney or auditor representing the public body that would
11		not be subject to discovery in litigation, and materials
12		prepared or compiled by or for a public body in
13		anticipation of a criminal, civil, or administrative
14		proceeding upon the request of an attorney advising the
15		public body, and materials prepared or compiled with
16		respect to internal audits of public bodies.
17		(n) Records relating to a public body's adjudication of
18		employee grievances or disciplinary cases; however, this
19		exemption shall not extend to the final outcome of cases in
20		which discipline is imposed.
21		(o) Administrative or technical information associated
22		with automated data processing operations, including, but
23		not limited to, software, operating protocols, computer
24		program abstracts, file layouts, source listings, object
25		modules, load modules, user guides, documentation
26		pertaining to all logical and physical design of

HB4444 - 10 - LRB101 19389 RJF 68861 b
1		computerized systems, employee manuals, and any other
2		information that, if disclosed, would jeopardize the
3		security of the system or its data or the security of
4		materials exempt under this Section.
5		(p) Records relating to collective negotiating matters
6		between public bodies and their employees or
7		representatives, except that any final contract or
8		agreement shall be subject to inspection and copying.
9		(q) Test questions, scoring keys, and other
10		examination data used to determine the qualifications of an
11		applicant for a license or employment.
12		(r) The records, documents, and information relating
13		to real estate purchase negotiations until those
14		negotiations have been completed or otherwise terminated.
15		With regard to a parcel involved in a pending or actually
16		and reasonably contemplated eminent domain proceeding
17		under the Eminent Domain Act, records, documents, and
18		information relating to that parcel shall be exempt except
19		as may be allowed under discovery rules adopted by the
20		Illinois Supreme Court. The records, documents, and
21		information relating to a real estate sale shall be exempt
22		until a sale is consummated.
23		(s) Any and all proprietary information and records
24		related to the operation of an intergovernmental risk
25		management association or self-insurance pool or jointly
26		self-administered health and accident cooperative or pool.

HB4444 - 11 - LRB101 19389 RJF 68861 b
1		Insurance or self insurance (including any
2		intergovernmental risk management association or self
3		insurance pool) claims, loss or risk management
4		information, records, data, advice or communications.
5		(t) Information contained in or related to
6		examination, operating, or condition reports prepared by,
7		on behalf of, or for the use of a public body responsible
8		for the regulation or supervision of financial
9		institutions, insurance companies, or pharmacy benefit
10		managers, unless disclosure is otherwise required by State
11		law.
12		(u) Information that would disclose or might lead to
13		the disclosure of secret or confidential information,
14		codes, algorithms, programs, or private keys intended to be
15		used to create electronic or digital signatures under the
16		Electronic Commerce Security Act.
17		(v) Vulnerability assessments, security measures, and
18		response policies or plans that are designed to identify,
19		prevent, or respond to potential attacks upon a community's
20		population or systems, facilities, or installations, the
21		destruction or contamination of which would constitute a
22		clear and present danger to the health or safety of the
23		community, but only to the extent that disclosure could
24		reasonably be expected to expose the vulnerability or
25		jeopardize the effectiveness of the measures, policies, or
26		plans, or the safety of the personnel who implement them or

HB4444 - 12 - LRB101 19389 RJF 68861 b
1		the public. Information exempt under this item may include
2		such things as details pertaining to the mobilization or
3		deployment of personnel or equipment, to the operation of
4		communication systems or protocols, to cybersecurity
5		vulnerabilities, or to tactical operations.
6		(w) (Blank).
7		(x) Maps and other records regarding the location or
8		security of generation, transmission, distribution,
9		storage, gathering, treatment, or switching facilities
10		owned by a utility, by a power generator, or by the
11		Illinois Power Agency.
12		(y) Information contained in or related to proposals,
13		bids, or negotiations related to electric power
14		procurement under Section 1-75 of the Illinois Power Agency
15		Act and Section 16-111.5 of the Public Utilities Act that
16		is determined to be confidential and proprietary by the
17		Illinois Power Agency or by the Illinois Commerce
18		Commission.
19		(z) Information about students exempted from
20		disclosure under Sections 10-20.38 or 34-18.29 of the
21		School Code, and information about undergraduate students
22		enrolled at an institution of higher education exempted
23		from disclosure under Section 25 of the Illinois Credit
24		Card Marketing Act of 2009.
25		(aa) Information the disclosure of which is exempted
26		under the Viatical Settlements Act of 2009.

HB4444 - 13 - LRB101 19389 RJF 68861 b
1		(bb) Records and information provided to a mortality
2		review team and records maintained by a mortality review
3		team appointed under the Department of Juvenile Justice
4		Mortality Review Team Act.
5		(cc) Information regarding interments, entombments, or
6		inurnments of human remains that are submitted to the
7		Cemetery Oversight Database under the Cemetery Care Act or
8		the Cemetery Oversight Act, whichever is applicable.
9		(dd) Correspondence and records (i) that may not be
10		disclosed under Section 11-9 of the Illinois Public Aid
11		Code or (ii) that pertain to appeals under Section 11-8 of
12		the Illinois Public Aid Code.
13		(ee) The names, addresses, or other personal
14		information of persons who are minors and are also
15		participants and registrants in programs of park
16		districts, forest preserve districts, conservation
17		districts, recreation agencies, and special recreation
18		associations.
19		(ff) The names, addresses, or other personal
20		information of participants and registrants in programs of
21		park districts, forest preserve districts, conservation
22		districts, recreation agencies, and special recreation
23		associations where such programs are targeted primarily to
24		minors.
25		(gg) Confidential information described in Section
26		1-100 of the Illinois Independent Tax Tribunal Act of 2012.

HB4444 - 14 - LRB101 19389 RJF 68861 b
1		(hh) The report submitted to the State Board of
2		Education by the School Security and Standards Task Force
3		under item (8) of subsection (d) of Section 2-3.160 of the
4		School Code and any information contained in that report.
5		(ii) Records requested by persons committed to or
6		detained by the Department of Human Services under the
7		Sexually Violent Persons Commitment Act or committed to the
8		Department of Corrections under the Sexually Dangerous
9		Persons Act if those materials: (i) are available in the
10		library of the facility where the individual is confined;
11		(ii) include records from staff members' personnel files,
12		staff rosters, or other staffing assignment information;
13		or (iii) are available through an administrative request to
14		the Department of Human Services or the Department of
15		Corrections.
16		(jj) Confidential information described in Section
17		5-535 of the Civil Administrative Code of Illinois.
18		(kk) The public body's credit card numbers, debit card
19		numbers, bank account numbers, Federal Employer
20		Identification Number, security code numbers, passwords,
21		and similar account information, the disclosure of which
22		could result in identity theft or impression or defrauding
23		of a governmental entity or a person.
24		(ll) (kk) Records concerning the work of the threat
25		assessment team of a school district.
26		(1.5) Any information exempt from disclosure under the

HB4444 - 15 - LRB101 19389 RJF 68861 b
1		Judicial Privacy Act shall be redacted from public records
2		prior to disclosure under this Act.
3		(2) A public record that is not in the possession of a
4		public body but is in the possession of a party with whom the
5		agency has contracted to perform a governmental function on
6		behalf of the public body, and that directly relates to the
7		governmental function and is not otherwise exempt under this
8		Act, shall be considered a public record of the public body,
9		for purposes of this Act.
10		(3) This Section does not authorize withholding of
11		information or limit the availability of records to the public,
12		except as stated in this Section or otherwise provided in this
13		Act.
14		(Source: P.A. 100-26, eff. 8-4-17; 100-201, eff. 8-18-17;
15		100-732, eff. 8-3-18; 101-434, eff. 1-1-20; 101-452, eff.
16		1-1-20; 101-455, eff. 8-23-19; revised 9-27-19.)
17		Section 10. The Department of Innovation and Technology Act
18		is amended by adding Sections 1-65, 1-70, and 1-75 as follows:
19		(20 ILCS 1370/1-65 new)
20		Sec. 1-65. Technology, Education, and Cybersecurity Fund.
21		The Technology, Education, and Cybersecurity Fund is hereby
22		created as a special fund in the State treasury, and may be
23		used by the Department, subject to appropriation, to promote
24		and effectuate information technology activities.

HB4444 - 16 - LRB101 19389 RJF 68861 b
1		(20 ILCS 1370/1-70 new)
2		Sec. 1-70. Authority to accept grants and donations.
3		(a) The Department may accept offers of services,
4		equipment, supplies, materials or funds via grant or donation
5		from the federal government, its agencies, or officers, or from
6		any other person, public or private, for the purposes of
7		promoting information technology or information technology
8		education. The funds shall be expended by the Department for
9		purposes as indicated by the grantor or donor, or, in the case
10		of funds provided for no specific purpose, for any purpose
11		deemed appropriate by the Secretary in administering the
12		responsibilities of the Department.
13		(b) Any funds received by the Department, not otherwise
14		required to be deposited into the Technology Management
15		Revolving Fund, shall be deposited in the Technology,
16		Education, and Cybersecurity Fund and used by the Department to
17		promote and effectuate information technology activities.
18		(20 ILCS 1370/1-75 new)
19		Sec. 1-75. Local government cybersecurity designee. The
20		principal executive officer, or his or her designee, of each
21		municipality with a population of 35,000 or greater and of each
22		county shall designate a local official or employee as the
23		primary point of contact for local cybersecurity issues. Each
24		jurisdiction must provide the name and contact information of

HB4444 - 17 - LRB101 19389 RJF 68861 b
1		the cybersecurity designee to the Department and update the
2		information as necessary.
3		Section 15. The Illinois Information Security Improvement
4		Act is amended by changing Section 5-25 and by adding Section
5		5-30 as follows:
6		(20 ILCS 1375/5-25)
7		Sec. 5-25. Responsibilities.
8		(a) The Secretary shall:
9		(1) appoint a Statewide Chief Information Security
10		Officer pursuant to Section 5-20;
11		(2) provide the Office with the staffing and resources
12		deemed necessary by the Secretary to fulfill the
13		responsibilities of the Office;
14		(3) oversee statewide information security policies
15		and practices, including:
16		(A) directing and overseeing the development,
17		implementation, and communication of statewide
18		information security policies, standards, and
19		guidelines;
20		(B) overseeing the education of State agency
21		personnel regarding the requirement to identify and
22		provide information security protections commensurate
23		with the risk and magnitude of the harm resulting from
24		the unauthorized access, use, disclosure, disruption,

HB4444 - 18 - LRB101 19389 RJF 68861 b
1		modification, or destruction of information in a
2		critical information system;
3		(C) overseeing the development and implementation
4		of a statewide information security risk management
5		program;
6		(D) overseeing State agency compliance with the
7		requirements of this Section;
8		(E) coordinating Information Security policies and
9		practices with related information and personnel
10		resources management policies and procedures; and
11		(F) providing an effective and efficient process
12		to assist State agencies with complying with the
13		requirements of this Act; and .
14		(4) subject to appropriation, establish a
15		cybersecurity liaison program to advise and assist units of
16		local government and school districts in identifying cyber
17		threats, performing risk assessments, sharing best
18		practices, and responding to cyber incidents.
19		(b) The Statewide Chief Information Security Officer
20		shall:
21		(1) serve as the head of the Office and ensure the
22		execution of the responsibilities of the Office as set
23		forth in subsection (c) of Section 5-15, the Statewide
24		Chief Information Security Officer shall also oversee
25		State agency personnel with significant responsibilities
26		for information security and ensure a competent workforce

HB4444 - 19 - LRB101 19389 RJF 68861 b
1		that keeps pace with the changing information security
2		environment;
3		(2) develop and recommend information security
4		policies, standards, procedures, and guidelines to the
5		Secretary for statewide adoption and monitor compliance
6		with these policies, standards, guidelines, and procedures
7		through periodic testing;
8		(3) develop and maintain risk-based, cost-effective
9		information security programs and control techniques to
10		address all applicable security and compliance
11		requirements throughout the life cycle of State agency
12		information systems;
13		(4) establish the procedures, processes, and
14		technologies to rapidly and effectively identify threats,
15		risks, and vulnerabilities to State information systems,
16		and ensure the prioritization of the remediation of
17		vulnerabilities that pose risk to the State;
18		(5) develop and implement capabilities and procedures
19		for detecting, reporting, and responding to information
20		security incidents;
21		(6) establish and direct a statewide information
22		security risk management program to identify information
23		security risks in State agencies and deploy risk mitigation
24		strategies, processes, and procedures;
25		(7) establish the State's capability to sufficiently
26		protect the security of data through effective information

HB4444 - 20 - LRB101 19389 RJF 68861 b
1		system security planning, secure system development,
2		acquisition, and deployment, the application of protective
3		technologies and information system certification,
4		accreditation, and assessments;
5		(8) ensure that State agency personnel, including
6		contractors, are appropriately screened and receive
7		information security awareness training;
8		(9) convene meetings with agency heads and other State
9		officials to help ensure:
10		(A) the ongoing communication of risk and risk
11		reduction strategies,
12		(B) effective implementation of information
13		security policies and practices, and
14		(C) the incorporation of and compliance with
15		information security policies, standards, and
16		guidelines into the policies and procedures of the
17		agencies;
18		(10) provide operational and technical assistance to
19		State agencies in implementing policies, principles,
20		standards, and guidelines on information security,
21		including implementation of standards promulgated under
22		subparagraph (A) of paragraph (3) of subsection (a) of this
23		Section, and provide assistance and effective and
24		efficient means for State agencies to comply with the State
25		agency requirements under this Act;
26		(11) in coordination and consultation with the

HB4444 - 21 - LRB101 19389 RJF 68861 b
1		Secretary and the Governor's Office of Management and
2		Budget, review State agency budget requests related to
3		Information Security systems and provide recommendations
4		to the Governor's Office of Management and Budget;
5		(12) ensure the preparation and maintenance of plans
6		and procedures to provide cyber resilience and continuity
7		of operations for critical information systems that
8		support the operations of the State; and
9		(13) take such other actions as the Secretary may
10		direct.
11		(Source: P.A. 100-611, eff. 7-20-18; 101-81, eff. 7-12-19.)
12		(20 ILCS 1375/5-30 new)
13		Sec. 5-30. Local government and school district employee
14		cybersecurity training. Every employee of a county,
15		municipality, and school district shall annually complete a
16		cybersecurity training program. The training shall include,
17		but need not be limited to, detecting phishing scams,
18		preventing spyware infections and identity theft, and
19		preventing and responding to data breaches. The Department
20		shall make available to each county, municipality, and school
21		district a training program for employees that complies with
22		the content requirements of this Section. A county,
23		municipality, or school district may create its own
24		cybersecurity training program.

HB4444 - 22 - LRB101 19389 RJF 68861 b
1		Section 20. The State Finance Act is amended by adding
2		Section 5.930 as follows:
3		(30 ILCS 105/5.930 new)
4		Sec. 5.930. The Technology, Education, and Cybersecurity
5		Fund.
6		Section 25. The Illinois Procurement Code is amended by
7		adding Section 55-25 as follows:
8		(30 ILCS 500/55-25 new)
9		Sec. 55-25. Cybersecurity prohibited products. State
10		agencies are prohibited from purchasing any products that, due
11		to cybersecurity risks, are prohibited for purchase by federal
12		agencies pursuant to a United States Department of Homeland
13		Security Binding Operational Directive.