101ST GENERAL ASSEMBLY
State of Illinois
2019 and 2020
HB2784

 

Introduced , by Rep. Ann M. Williams

 

SYNOPSIS AS INTRODUCED:
 
815 ILCS 530/5

    Amends the Personal Information Protection Act. Provides that "consumer marketing information" means information related to a consumer's online browsing history, online search history, or purchasing history, including, but not limited to, consumer profiles that are based upon the information. Provides that "geolocation information" means information that is (i) generated or derived from the operation or use of an electronic communications device, (ii) stored and sufficient to identify the street name and the name of the city or town in which an individual is located, and (iii) likely to enable someone to determine an individual's regular pattern of behavior. Provides that "geolocation information" does not include the contents of an electronic communication. Provides that "medical information" includes genetic information. Provides that "personal information" means an individual's first name or first initial and last name and email address. Adds geolocation information, consumer marketing information, and audio recordings to the list of data elements included in the definition of "personal information".


LRB101 10655 TAE 55762 b

 

 

A BILL FOR

 

HB2784LRB101 10655 TAE 55762 b

1    AN ACT concerning business.
 
2    Be it enacted by the People of the State of Illinois,
3represented in the General Assembly:
 
4    Section 5. The Personal Information Protection Act is
5amended by changing Section 5 as follows:
 
6    (815 ILCS 530/5)
7    Sec. 5. Definitions. In this Act:
8    "Data collector" may include, but is not limited to,
9government agencies, public and private universities,
10privately and publicly held corporations, financial
11institutions, retail operators, and any other entity that, for
12any purpose, handles, collects, disseminates, or otherwise
13deals with nonpublic personal information.
14    "Breach of the security of the system data" or "breach"
15means unauthorized acquisition of computerized data that
16compromises the security, confidentiality, or integrity of
17personal information maintained by the data collector. "Breach
18of the security of the system data" does not include good faith
19acquisition of personal information by an employee or agent of
20the data collector for a legitimate purpose of the data
21collector, provided that the personal information is not used
22for a purpose unrelated to the data collector's business or
23subject to further unauthorized disclosure.

 

 

HB2784- 2 -LRB101 10655 TAE 55762 b

1    "Consumer marketing information" means information related
2to a consumer's online browsing history, online search history,
3or purchasing history, including, but not limited to, consumer
4profiles that are based upon the information.
5    "Geolocation information" means information that is (i)
6generated or derived from the operation or use of an electronic
7communications device, (ii) stored and sufficient to identify
8the street name and name of the city or town in which an
9individual is located, and (iii) likely to enable someone to
10determine an individual's regular pattern of behavior.
11"Geolocation information" does not include the contents of an
12electronic communication.
13    "Health insurance information" means an individual's
14health insurance policy number or subscriber identification
15number, any unique identifier used by a health insurer to
16identify the individual, or any medical information in an
17individual's health insurance application and claims history,
18including any appeals records.
19    "Medical information" means any information regarding an
20individual's medical history, genetic information, mental or
21physical condition, or medical treatment or diagnosis by a
22healthcare professional, including such information provided
23to a website or mobile application.
24    "Personal information" means either of the following:
25        (1) An individual's first name or first initial and
26    last name or email address An individual's first name or

 

 

HB2784- 3 -LRB101 10655 TAE 55762 b

1    first initial and last name in combination with any one or
2    more of the following data elements, when either the name
3    or the data elements are not encrypted or redacted or are
4    encrypted or redacted but the keys to unencrypt or unredact
5    or otherwise read the name or data elements have been
6    acquired without authorization through the breach of
7    security:
8            (A) Social Security number.
9            (B) Driver's license number or State
10        identification card number.
11            (C) Account number or credit or debit card number,
12        or an account number or credit card number in
13        combination with any required security code, access
14        code, or password that would permit access to an
15        individual's financial account.
16            (D) Medical information.
17            (E) Health insurance information.
18            (F) Unique biometric data generated from
19        measurements or technical analysis of human body
20        characteristics used by the owner or licensee to
21        authenticate an individual, such as a fingerprint,
22        retina or iris image, or other unique physical
23        representation or digital representation of biometric
24        data.
25            (G) Geolocation information.
26            (H) Consumer marketing information.

 

 

HB2784- 4 -LRB101 10655 TAE 55762 b

1            (I) Audio recordings.
2        (2) User name or email address, in combination with a
3    password or security question and answer that would permit
4    access to an online account, when either the user name or
5    email address or password or security question and answer
6    are not encrypted or redacted or are encrypted or redacted
7    but the keys to unencrypt or unredact or otherwise read the
8    data elements have been obtained through the breach of
9    security.
10    "Personal information" does not include publicly available
11information that is lawfully made available to the general
12public from federal, State, or local government records.
13(Source: P.A. 99-503, eff. 1-1-17.)