(765 ILCS 1026/15-1404)
    Sec. 15-1404. Security of information.
    (a) If a holder is required to include confidential information in a report to the administrator, the information must be provided by a secure means.
    (b) If confidential information in a record is provided to and maintained by the administrator or administrator's agent as required by this Act, the administrator or agent shall implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification, or disclosure as required by the Personal Information Protection Act. If a State or federal law requires the administrator or agent to provide greater protection to records that contain personal information that are maintained by the administrator or agent and the administrator or agent is in compliance with the provisions of that State or federal law, the administrator or agent is deemed to be in compliance with the provisions of this subsection.
    (c) If there is any breach of the security of the system data or written material, the administrator and the administrator's agent shall comply with the notice requirements of Section 12 of the Personal Information Protection Act, and shall, if applicable, cooperate with a holder in complying with the notice requirements of Section 10 of the Personal Information Protection Act.
    (d) The administrator and the administrator's agent shall either return in a secure manner or destroy in a manner consistent with the Personal Information Protection Act all confidential information no longer reasonably needed under this Act.
(Source: P.A. 100-22, eff. 1-1-18.)