Public Act 100-0040
HB2371 EnrolledLRB100 08806 HLH 18946 b

    AN ACT concerning State government.
    Be it enacted by the People of the State of Illinois,
represented in the General Assembly:
    Section 5. The Data Security on State Computers Act is
amended by adding Section 25 as follows:
    (20 ILCS 450/25 new)
    Sec. 25. Mandatory State employee training.
    (a) As used in this Section, "employee" has the meaning
ascribed to it in Section 1-5 of the State Officials and
Employees Ethics Act, but does not include an employee of the
legislative branch, the judicial branch, a public university of
the State, or a constitutional officer other than the Governor.
    (b) Every employee shall annually undergo training by the
Department of Innovation and Technology concerning
cybersecurity. The Department may, in its discretion, make the
training an online course. The training shall include, but need
not be limited to, detecting phishing scams, preventing spyware
infections and identity theft, and preventing and responding to
data breaches.
    (c) The Department of Innovation and Technology may adopt
rules to implement the requirements of this Section.

Effective Date: 1/1/2018