Illinois General Assembly - Full Text of SB0707

Home

Legislation & Laws

Senate

House

My Legislation

Site Map

Previous General Assemblies

Full Text of SB0707 100th General Assembly

Introduced   Engrossed   Enrolled
Senate Amendment 001   Senate Amendment 002   House Amendment 001

Public Act
Printer-Friendly Version  PDF  Bill Status

SB0707sam001 100TH GENERAL ASSEMBLY
Sen. Michael E. Hastings
Filed: 3/7/2017

10000SB0707sam001 LRB100 08839 JLS 22985 a

1 AMENDMENT TO SENATE BILL 707
2     AMENDMENT NO. ______. Amend Senate Bill 707 on page 5, line
3 12, by changing "or" to "concerning more than 250 Illinois
4 residents or"; and

5 on page 5, line 18, by changing "45" to "60"; and

6 on page 5, line 20, by changing "or" to "concerning more than
7 250 Illinois residents or"; and

8 on page 6, by replacing lines 3 through 5 with the following:
9         "(iii) a description of the attack; and
10         (iv) an overview of corrective and preventative"; and

11 on page 6, line 8, by deleting "immediately"; and

12 on page 6, line 15, by changing "indefinitely" to "for a period
13 of 60 days; and

10000SB0707sam001 - 2 - LRB100 08839 JLS 22985 a

1 on page 6, by inserting immediately below line 15, the
2 following:
3     "(i) A State agency that has been subject to or has reason
4 to believe it has been subject to a single breach of the
5 security of the data concerning the personal information of
6 more than 250 Illinois residents or an instance of aggravated
7 computer tampering (as defined in Section 17-52 of the Criminal
8 Code of 2012) shall notify the Office of the Chief Information
9 Security Officer of the Illinois Department of Innovation and
10 Technology regarding the breach or instance of aggravated
11 computer tampering. Such notification shall be made without
12 delay but no later than 72 hours following the discovery of the
13 incident.
14     Upon receiving notification of such incident, the Chief
15 Information Security Officer shall without delay take
16 necessary and reasonable actions to:
17         (i) assess the incident to determine the potential
18     impact on the overall confidentiality, security, and
19     availability of State of Illinois data and information
20     systems;
21         (ii) ensure the security incident is contained to
22     minimize additional impact and risk to the State;
23         (iii) identify the root cause of the incident;
24         (iv) provide recommendations to the impacted State
25     agency to assist with eradicating the threat and removing

10000SB0707sam001 - 3 - LRB100 08839 JLS 22985 a

1     and mitigating any vulnerabilities to reduce the risk of
2     further compromise; and
3         (v) assist the impacted State agency in any necessary
4     recovery efforts to ensure effective return to a state of
5     normal operations.
6     The Department of Innovation and Technology may agree to
7 submit the comprehensive report required in subsection (f) in
8 lieu of the impacted agency.".

×