Full Text of SB1833 99th General Assembly
SB1833sam001 99TH GENERAL ASSEMBLY | Sen. Daniel Biss Filed: 4/10/2015
| | 09900SB1833sam001 | | LRB099 09064 JLS 33138 a |
|
| 1 | | AMENDMENT TO SENATE BILL 1833
| 2 | | AMENDMENT NO. ______. Amend Senate Bill 1833 on page 3, | 3 | | line 2, by changing " obtained " to " acquired without | 4 | | authorization "; and
| 5 | | on page 4, line 14, by changing "information" to "information , | 6 | | excluding geolocation information and consumer marketing | 7 | | information, "; and
| 8 | | on page 4 by replacing lines 23 through 25 with the following:
| 9 | | "not be limited to, information as follows: | 10 | | (1) With respect to personal information as defined in | 11 | | Section 5 in paragraph (1) of the definition of "personal | 12 | | information": | 13 | | (A) (i) the toll-free numbers and addresses for | 14 | | consumer reporting agencies ; , | 15 | | (B) (ii) the toll-free number, address, and | 16 | | website address for the Federal Trade Commission ; , and |
| | | 09900SB1833sam001 | - 2 - | LRB099 09064 JLS 33138 a |
|
| 1 | | (C) (iii) a statement that the individual can | 2 | | obtain information from these sources about fraud | 3 | | alerts and security freezes. | 4 | | The notification shall not, however, include | 5 | | information concerning the number of Illinois residents | 6 | | affected by the breach. | 7 | | (2) With respect to personal information defined in | 8 | | Section 5 in paragraph (2) of the definition of "personal | 9 | | information", notice may be provided in electronic or other | 10 | | form directing the Illinois resident whose personal | 11 | | information has been breached to promptly change his or her | 12 | | username or password and security question or answer, as | 13 | | applicable, or to take other steps appropriate to protect | 14 | | all online accounts for which the resident uses the same | 15 | | user name or email address and password or security | 16 | | question and answer. "; and | 17 | | on page 5 by deleting lines 1 through 5; and | 18 | | on page 7 by replacing lines 13 through 16 with the following: | 19 | | " (1) Any data collector that suffers a breach of the | 20 | | security of the data concerning the personal information of | 21 | | more than 250 Illinois residents shall provide notice to | 22 | | the Attorney General of the "; and | 23 | | on page 7, line 24, by replacing " 14 " with " 30 "; and |
| | | 09900SB1833sam001 | - 3 - | LRB099 09064 JLS 33138 a |
|
| 1 | | on page 8 by replacing lines 8 through 10 with the following: | 2 | | " personal information that suffers a breach of the security of | 3 | | the data concerning the personal information of more than 250 | 4 | | Illinois residents shall notify the Attorney "; and | 5 | | on page 8, line 21, by changing " 14 " to " 30 "; and | 6 | | on page 9 by inserting immediately below line 2 the following: | 7 | | " (f) A data collector that suffers a breach subject to the | 8 | | breach notification standards established pursuant to the | 9 | | federal Health Information Technology Act, 42 U.S.C. Section | 10 | | 17932, shall be deemed to be in compliance with the provisions | 11 | | of this Section if that data collector does the following: (1) | 12 | | provides notification to individuals in compliance with the | 13 | | federal Health Information Technology Act and implementing | 14 | | regulations and (2) provides notification to the Attorney | 15 | | General pursuant to subsection (e). "; and | 16 | | on page 9 by inserting immediately below line 25 the following: | 17 | | " (d) A data collector that is subject to and in compliance | 18 | | with the security standards for the protection of electronic | 19 | | health information, 45 C.F.R. Parts 160 and 164, established | 20 | | pursuant to the federal Health Insurance Portability and | 21 | | Accountability Act of 1996 shall be deemed to be in compliance | 22 | | with the provisions of this Section. |
| | | 09900SB1833sam001 | - 4 - | LRB099 09064 JLS 33138 a |
|
| 1 | | (e) A data collector that is subject to and in compliance | 2 | | with the standards established pursuant to Section 501(b) of | 3 | | the Gramm-Leach-Bliley Act of 1999, 15 U.S.C. Section 6801, | 4 | | shall be deemed to be in compliance with the provisions of this | 5 | | Section. ".
|
|