Full Text of HB2784 101st General Assembly
HB2784 101ST GENERAL ASSEMBLY
101ST GENERAL ASSEMBLY
State of Illinois
2019 and 2020
Introduced , by Rep. Ann M. Williams
SYNOPSIS AS INTRODUCED:
Amends the Personal Information Protection Act. Provides that
"consumer marketing information" means information related to a consumer's
online browsing history, online search history, or purchasing history,
including, but not limited to, consumer profiles that are based upon the
information. Provides that "geolocation information" means information
that is (i) generated or derived from the operation or use of an electronic
communications device, (ii) stored and sufficient to identify the street
name and the name of the city or town in which an individual is located, and
(iii) likely to enable someone to determine an individual's regular pattern
of behavior. Provides that "geolocation information" does not include the
contents of an electronic communication. Provides that "medical
information" includes genetic information. Provides that "personal
information" means an individual's first name or first initial and last
name and email address. Adds geolocation information, consumer marketing
information, and audio recordings to the list of data elements included in
the definition of "personal information".
A BILL FOR
|HB2784||LRB101 10655 TAE 55762 b|
AN ACT concerning business.
Be it enacted by the People of the State of Illinois,
represented in the General Assembly:
The Personal Information Protection Act is
amended by changing Section 5 as follows:
(815 ILCS 530/5)
In this Act:
"Data collector" may include, but is not limited to,
government agencies, public and private universities,
privately and publicly held corporations, financial
institutions, retail operators, and any other entity that, for
any purpose, handles, collects, disseminates, or otherwise
deals with nonpublic personal information.
"Breach of the security of the system data" or "breach"
unauthorized acquisition of computerized data that
compromises the security, confidentiality, or integrity of
personal information maintained by the data collector. "Breach
of the security of the system data" does not include good faith
acquisition of personal information by an employee or agent of
the data collector for a legitimate purpose of the data
collector, provided that the personal information is not used
for a purpose unrelated to the data collector's business or
subject to further unauthorized disclosure.
|HB2784||- 2 -||LRB101 10655 TAE 55762 b|
"Consumer marketing information" means information related
to a consumer's online browsing history, online search history,
or purchasing history, including, but not limited to, consumer
profiles that are based upon the information.
"Geolocation information" means information that is (i)
generated or derived from the operation or use of an electronic
communications device, (ii) stored and sufficient to identify
the street name and name of the city or town in which an
individual is located, and (iii) likely to enable someone to
determine an individual's regular pattern of behavior.
"Geolocation information" does not include the contents of an
"Health insurance information" means an individual's
health insurance policy number or subscriber identification
number, any unique identifier used by a health insurer to
identify the individual, or any medical information in an
individual's health insurance application and claims history,
including any appeals records.
"Medical information" means any information regarding an
individual's medical history,
physical condition, or medical treatment or diagnosis by a
healthcare professional, including such information provided
to a website or mobile application.
"Personal information" means either of the following:
An individual's first name or first initial and
last name or email address
An individual's first name or
|HB2784||- 3 -||LRB101 10655 TAE 55762 b|
first initial and last name
in combination with any one or
of the following data elements, when either the name
or the data elements are not encrypted or redacted or are
encrypted or redacted but the keys to unencrypt or unredact
or otherwise read the name or data elements have been
acquired without authorization through the breach of
(A) Social Security number.
(B) Driver's license number or State
(C) Account number or credit or debit card number,
account number or credit card number in
any required security code, access
code, or password that
would permit access to an
individual's financial account.
(D) Medical information.
(E) Health insurance information.
(F) Unique biometric data generated from
measurements or technical analysis of human body
characteristics used by the owner or licensee to
authenticate an individual, such as a fingerprint,
retina or iris image, or other unique physical
representation or digital representation of biometric
(G) Geolocation information.
(H) Consumer marketing information.
|HB2784||- 4 -||LRB101 10655 TAE 55762 b|
(I) Audio recordings.
(2) User name or email address, in combination with a
password or security question and answer that would permit
access to an online account, when either the user name or
email address or password or security question and answer
are not encrypted or redacted or are encrypted or redacted
but the keys to unencrypt or unredact or otherwise read the
data elements have been obtained through the breach of
"Personal information" does not include publicly available
information that is lawfully made available to the general
public from federal, State, or local government records.
(Source: P.A. 99-503, eff. 1-1-17