Bill Status of HB5397  102nd General Assembly


House Sponsors
Rep. Keith R. Wheeler - Grant Wehrli - Amy Grant

Last Action
DateChamber Action
  1/13/2021HouseSession Sine Die

Statutes Amended In Order of Appearance
New Act
5 ILCS 140/7.5

Synopsis As Introduced
Creates the Insurance Data Security Act. Requires any person licensed, authorized to operate, or registered as an insurer in accordance with the insurance laws of this State to conduct a risk assessment of cybersecurity threats, implement appropriate security measures, and no less than annually assess the effectiveness of the safeguards' key controls, systems, and procedures. Requires a licensee to develop, implement, and maintain a written information security program based on the licensee's risk assessment. Requires each licensee to establish a written incident response plan designed to promptly respond to, and recover from, any cybersecurity event that compromises the confidentiality, integrity, or availability of nonpublic information in its possession, the licensee's information systems, or the continuing functionality of any aspect of the licensee's business or operations. Requires licensees domiciled in this State to annually submit a written certification of compliance to the Director of Insurance. Provides that a licensee shall notify the Director as promptly as possible, but not later than 72 hours from a determination that a cybersecurity event has occurred in specified circumstances. Provides standards and procedures for risk management, data security, and notification and investigation of cybersecurity events resulting in unauthorized access to, disruption of, or misuse of nonpublic data. Provides that the Director has the power to examine and investigate to determine whether a licensee has been or is engaged in any conduct in violation of the Act. Grants the Department of Insurance rulemaking authority to implement the Act. Provides that any documents, materials, or other information obtained pursuant to the Act is confidential by law and privileged, is not subject to the Freedom of Information Act, is not subject to subpoena, and is not subject to discovery or admissible in evidence in any private civil action. Makes a conforming change in the Freedom of Information Act. Defines terms. Effective January 1, 2021.

DateChamber Action
  2/14/2020HouseFiled with the Clerk by Rep. Keith R. Wheeler
  2/14/2020HouseChief Co-Sponsor Rep. Grant Wehrli
  2/14/2020HouseChief Co-Sponsor Rep. Amy Grant
  2/18/2020HouseFirst Reading
  2/18/2020HouseReferred to Rules Committee
  1/13/2021HouseSession Sine Die