(20 ILCS 450/25)
    Sec. 25. Mandatory State employee training.
    (a) As used in this Section, "employee" has the meaning ascribed to it in Section 1-5 of the State Officials and Employees Ethics Act, but does not include an employee of the legislative branch, the judicial branch, a public university of the State, or a constitutional officer other than the Governor.
    (b) Every employee shall annually undergo training by the Department of Innovation and Technology concerning cybersecurity. The Department may, in its discretion, make the training an online course. The training shall include, but need not be limited to, detecting phishing scams, preventing spyware infections and identity theft, and preventing and responding to data breaches.
    (c) The Department of Innovation and Technology may adopt rules to implement the requirements of this Section.
(Source: P.A. 100-40, eff. 1-1-18.)