(815 ILCS 530/5) Sec. 5. Definitions. In this Act: "Data Collector" may include, but is not limited to,
government agencies, public and private universities,
privately and publicly held corporations, financial
institutions, retail operators, and any other entity that, for any purpose, handles, collects, disseminates, or otherwise
deals with nonpublic personal information.
"Breach of the security of the system data" or "breach" means
unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the data collector. "Breach of the security of the system data" does not include good faith
acquisition of personal information by an employee or agent of
the data collector for a legitimate purpose of the data
collector, provided that the personal information is not used
for a purpose unrelated to the data collector's business or
subject to further unauthorized disclosure.
"Personal information" means an individual's first name or first initial and last name in combination with any one or more
of the following data elements, when either the name or the data elements are not encrypted or redacted:
(1) Social Security number. (2) Driver's license number or State identification
(3) Account number or credit or debit card number, or
an account number or credit card number in combination with any required security code, access code, or password that would permit access to an individual's financial account.
"Personal information" does not include publicly available
information that is lawfully made available to the general
public from federal, State, or local government records.
(Source: P.A. 97-483, eff. 1-1-12.)