Illinois General Assembly - Full Text of SB0707
Illinois General Assembly

Previous General Assemblies

Full Text of SB0707  100th General Assembly

SB0707sam001 100TH GENERAL ASSEMBLY

Sen. Michael E. Hastings

Filed: 3/7/2017

 

 


 

 


 
10000SB0707sam001LRB100 08839 JLS 22985 a

1
AMENDMENT TO SENATE BILL 707

2    AMENDMENT NO. ______. Amend Senate Bill 707 on page 5, line
312, by changing "or" to "concerning more than 250 Illinois
4residents or"; and
 
5on page 5, line 18, by changing "45" to "60"; and
 
6on page 5, line 20, by changing "or" to "concerning more than
7250 Illinois residents or"; and
 
8on page 6, by replacing lines 3 through 5 with the following:
9        "(iii) a description of the attack; and
10        (iv) an overview of corrective and preventative"; and
 
11on page 6, line 8, by deleting "immediately"; and
 
12on page 6, line 15, by changing "indefinitely" to "for a period
13of 60 days; and
 

 

 

10000SB0707sam001- 2 -LRB100 08839 JLS 22985 a

1on page 6, by inserting immediately below line 15, the
2following:
3    "(i) A State agency that has been subject to or has reason
4to believe it has been subject to a single breach of the
5security of the data concerning the personal information of
6more than 250 Illinois residents or an instance of aggravated
7computer tampering (as defined in Section 17-52 of the Criminal
8Code of 2012) shall notify the Office of the Chief Information
9Security Officer of the Illinois Department of Innovation and
10Technology regarding the breach or instance of aggravated
11computer tampering. Such notification shall be made without
12delay but no later than 72 hours following the discovery of the
13incident.
14    Upon receiving notification of such incident, the Chief
15Information Security Officer shall without delay take
16necessary and reasonable actions to:
17        (i) assess the incident to determine the potential
18    impact on the overall confidentiality, security, and
19    availability of State of Illinois data and information
20    systems;
21        (ii) ensure the security incident is contained to
22    minimize additional impact and risk to the State;
23        (iii) identify the root cause of the incident;
24        (iv) provide recommendations to the impacted State
25    agency to assist with eradicating the threat and removing

 

 

10000SB0707sam001- 3 -LRB100 08839 JLS 22985 a

1    and mitigating any vulnerabilities to reduce the risk of
2    further compromise; and
3        (v) assist the impacted State agency in any necessary
4    recovery efforts to ensure effective return to a state of
5    normal operations.
6    The Department of Innovation and Technology may agree to
7submit the comprehensive report required in subsection (f) in
8lieu of the impacted agency.".