Illinois General Assembly

  Bills & Resolutions  
  Compiled Statutes  
  Public Acts  
  Legislative Reports  
  IL Constitution  
  Legislative Guide  
  Legislative Glossary  

 Search By Number
 (example: HB0001)
Search Tips

Search By Keyword

Illinois Compiled Statutes

Information maintained by the Legislative Reference Bureau
Updating the database of the Illinois Compiled Statutes (ILCS) is an ongoing process. Recent laws may not yet be included in the ILCS database, but they are found on this site as Public Acts soon after they become law. For information concerning the relationship between statutes and Public Acts, refer to the Guide.

Because the statute database is maintained primarily for legislative drafting purposes, statutory changes are sometimes included in the statute database before they take effect. If the source note at the end of a Section of the statutes includes a Public Act that has not yet taken effect, the version of the law that is currently in effect may have already been removed from the database and you should refer to that Public Act to see the changes made to the current law.

GENERAL PROVISIONS
(5 ILCS 175/) Electronic Commerce Security Act.

5 ILCS 175/Art. 10

 
    (5 ILCS 175/Art. 10 heading)
ARTICLE 10. SECURE ELECTRONIC RECORDS AND SIGNATURES

5 ILCS 175/10-105

    (5 ILCS 175/10-105)
    Sec. 10-105. Secure electronic record.
    (a) If, through the use of a qualified security procedure, it can be verified that an electronic record has not been altered since a specified point in time, then such electronic record shall be considered to be a secure electronic record from such specified point in time to the time of verification, if the relying party establishes that the qualified security procedure was:
        (1) commercially reasonable under the circumstances;
        (2) applied by the relying party in a trustworthy
    
manner; and
        (3) reasonably and in good faith relied upon by the
    
relying party.
    (b) A qualified security procedure for purposes of this Section is a security procedure to detect changes in the content of an electronic record that is:
        (1) previously agreed to by the parties; or
        (2) certified by the Secretary of State in accordance
    
with Section 10-135 as being capable of providing reliable evidence that an electronic record has not been altered.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/10-110

    (5 ILCS 175/10-110)
    Sec. 10-110. Secure electronic signature.
    (a) If, through the use of a qualified security procedure, it can be verified that an electronic signature is the signature of a specific person, then such electronic signature shall be considered to be a secure electronic signature at the time of verification, if the relying party establishes that the qualified security procedure was:
        (1) commercially reasonable under the circumstances;
        (2) applied by the relying party in a trustworthy
    
manner; and
        (3) reasonably and in good faith relied upon by the
    
relying party.
    (b) A qualified security procedure for purposes of this Section is a security procedure for identifying a person that is:
        (1) previously agreed to by the parties; or
        (2) certified by the Secretary of State in accordance
    
with Section 10-135 as being capable of creating, in a trustworthy manner, an electronic signature that:
            (A) is unique to the signer within the context in
        
which it is used;
            (B) can be used to objectively identify the
        
person signing the electronic record;
            (C) was reliably created by such identified
        
person, (e.g., because some aspect of the procedure involves the use of a signature device or other means or method that is under the sole control of such person), and that cannot be readily duplicated or compromised; and
            (D) is created, and is linked to the electronic
        
record to which it relates, in a manner such that if the record or the signature is intentionally or unintentionally changed after signing the electronic signature is invalidated.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/10-115

    (5 ILCS 175/10-115)
    Sec. 10-115. Commercially reasonable; reliance.
    (a) The commercial reasonableness of a security procedure is a question of law to be determined in light of the purposes of the procedure and the commercial circumstances at the time the procedure was used, including the nature of the transaction, sophistication of the parties, volume of similar transactions engaged in by either or both of the parties, availability of alternatives offered to but rejected by either of the parties, cost of alternative procedures, and procedures in general use for similar types of transactions.
    (b) Whether reliance on a security procedure was reasonable and in good faith is to be determined in light of all the circumstances known to the relying party at the time of the reliance, having due regard to:
        (1) the information that the relying party knew or
    
should have known of at the time of reliance that would suggest that reliance was or was not reasonable;
        (2) the value or importance of the electronic record,
    
if known;
        (3) any course of dealing between the relying party
    
and the purported sender and the available indicia of reliability or unreliability apart from the security procedure;
        (4) any usage of trade, particularly trade conducted
    
by trustworthy systems or other computer-based means; and
        (5) whether the verification was performed with the
    
assistance of an independent third party.
(Source: P.A. 99-78, eff. 7-20-15.)

5 ILCS 175/10-120

    (5 ILCS 175/10-120)
    Sec. 10-120. Presumptions.
    (a) In resolving a civil dispute involving a secure electronic record, it shall be rebuttably presumed that the electronic record has not been altered since the specific point in time to which the secure status relates.
    (b) In resolving a civil dispute involving a secure electronic signature, it shall be rebuttably presumed that the secure electronic signature is the signature of the person to whom it correlates.
    (c) The effect of presumptions provided in this Section is to place on the party challenging the integrity of a secure electronic record or challenging the genuineness of a secure electronic signature both the burden of going forward with evidence to rebut the presumption and the burden of persuading the trier of fact that the nonexistence of the presumed fact is more probable than its existence.
    (d) In the absence of a secure electronic record or a secure electronic signature, nothing in this Act shall change existing rules regarding legal or evidentiary rules regarding the burden of proving the authenticity and integrity of an electronic record or an electronic signature.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/10-125

    (5 ILCS 175/10-125)
    Sec. 10-125. Creation and control of signature devices. Except as otherwise provided by another applicable rule of law, whenever the creation, validity, or reliability of an electronic signature created by a qualified security procedure under Section 10-105 or 10-110 is dependent upon the secrecy or control of a signature device of the signer:
        (1) the person generating or creating the signature
    
device must do so in a trustworthy manner;
        (2) the signer and all other persons that rightfully
    
have access to such signature device must exercise reasonable care to retain control and maintain the secrecy of the signature device, and to protect it from any unauthorized access, disclosure, or use, during the period when reliance on a signature created by such device is reasonable;
        (3) in the event that the signer, or any other person
    
that rightfully has access to such signature device, knows or has reason to know that the secrecy or control of any such signature device has been compromised, such person must make a reasonable effort to promptly notify all persons that such person knows might foreseeably be damaged as a result of such compromise, or where an appropriate publication mechanism is available (which, for State agencies, may include the official newspaper designated pursuant to Section 4 of the Illinois Purchasing Act where appropriate), to publish notice of the compromise and a disavowal of any signatures created thereafter.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/10-130

    (5 ILCS 175/10-130)
    Sec. 10-130. Attribution of signature.
    (a) Except as provided by another applicable rule of law, a secure electronic signature is attributable to the person to whom it correlates, whether or not authorized, if:
        (1) the electronic signature resulted from acts of a
    
person that obtained the signature device or other information necessary to create the signature from a source under the control of the alleged signer, creating the appearance that it came from that party;
        (2) the access or use occurred under circumstances
    
constituting a failure to exercise reasonable care by the alleged signer; and
        (3) the relying party relied reasonably and in good
    
faith to its detriment on the apparent source of the electronic record.
    (b) The provisions of this Section shall not apply to transactions intended primarily for personal, family, or household use, or otherwise defined as consumer transactions by applicable law including, but not limited to, credit card and automated teller machine transactions except to the extent allowed by applicable consumer law.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/10-135

    (5 ILCS 175/10-135)
    Sec. 10-135. Secretary of State authority to certify security procedures.
    (a) A security procedure may be certified by the Secretary of State, as a qualified security procedure for purposes of Sections 10-105 or 10-110, following an appropriate investigation or review, if:
        (1) the security procedure (including any technology
    
and algorithms it employs) is completely open and fully disclosed to the public, and has been so for a sufficient length of time, so as to facilitate a comprehensive review and evaluation of its suitability for the intended purpose by the applicable information security or scientific community; and
        (2) the security procedure (including any technology
    
and algorithms it employs) has been generally accepted in the applicable information security or scientific community as being capable of satisfying the requirements of Section 10-105 or 10-110, as applicable, in a trustworthy manner.
    (b) In making a determination regarding whether the security procedure (including any technology and algorithms it employs) has been generally accepted in the applicable information security or scientific community, the Secretary of State shall consider the opinion of independent experts in the applicable field and the published findings of such community, including applicable standards organizations such as the American National Standards Institute (ANSI), International Standards Organization (ISO), International Telecommunications Union (ITU), and the National Institute of Standards and Technology (NIST).
    (c) Such certification shall be done through the adoption of rules in accordance with the provisions of the Illinois Administrative Procedure Act and shall specify a full and complete identification of the security procedure, including requirements as to how it is to be implemented, if appropriate.
    (d) The Secretary of State may also decertify a security procedure as a qualified security procedure for purposes of Sections 10-105 or 10-110 following an appropriate investigation or review and the adoption of rules in accordance with the provisions of the Illinois Administrative Procedure Act if subsequent developments establish that the security procedure is no longer sufficiently trustworthy or reliable for its intended purpose, or for any other reason no longer meets the requirements for certification.
    (e) The Secretary of State shall have exclusive authority to certify security procedures under this Section.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/10-140

    (5 ILCS 175/10-140)
    Sec. 10-140. Unauthorized use of signature device.
    (a) No person shall knowingly or intentionally access, copy, or otherwise obtain possession of or recreate the signature device of another person without authorization for the purpose of creating, or allowing or causing another person to create, an unauthorized electronic signature using such signature device. A person convicted of a violation of this subsection shall be guilty of a Class A misdemeanor.
    (b) No person shall knowingly alter, disclose, or use the signature device of another person without authorization, or in excess of lawful authorization, for the purpose of creating, or allowing or causing another person to create, an unauthorized electronic signature using such signature device. A person convicted of a violation of this subsection shall be guilty of a Class 4 felony. A person convicted of a violation of this subsection who has previously been convicted of a violation of this subsection or Section 15-210 shall be guilty of a Class 3 felony. A person who violates this Section in furtherance of any scheme or artifice to defraud in excess of $50,000 shall be guilty of a Class 2 felony.
(Source: P.A. 90-759, eff. 7-1-99.)