Public Act 93-0306
SB553 Enrolled LRB093 10793 MKM 11219 b
AN ACT concerning computer technology.
Be it enacted by the People of the State of Illinois,
represented in the General Assembly:
Section 1. Short title. This Act may be cited as the
Data Security on State Computers Act.
Section 5. Findings. The General Assembly finds that:
(a) The Massachusetts Institute of Technology, in a
recent study, discovered that many companies and individuals
are regularly selling or donating computer hard drives with
sensitive information still on them, such as credit card
numbers, bank and medical records, and personal e-mail.
(b) Illinois currently has no law addressing data
security and removal of data from surplus State-owned
computers that are to be (i) disposed of by sale, donation,
or transfer or (ii) relinquished to a successor executive
administration.
(c) In order to ensure the protection of sensitive
information relating to the State and its citizens, it is
necessary to implement policies to (i) overwrite all hard
drives of surplus State-owned electronic data processing
equipment that are to be sold, donated, or transferred and
(ii) preserve the data on State-owned electronic data
processing equipment that is to be relinquished to a
successor executive administration for the continuity of
government functions.
Section 10. Purpose. The purpose of this Act is to (i)
require the Department of Central Management Services or any
other authorized agency that disposes of surplus electronic
data processing equipment by sale, donation, or transfer to
implement a policy mandating that computer hardware be
cleared of all data and software before disposal by sale,
donation, or transfer and (ii) require the head of each
Agency to establish a system for the protection and
preservation of State data on State-owned electronic data
processing equipment necessary for the continuity of
government functions upon relinquishment of the equipment to
a successor executive administration.
Section 15. Definitions. As used in this Act:
"Agency" means all parts, boards, and commissions of the
executive branch of State government, including, but not
limited to, State colleges and universities and their
governing boards and all departments established by the Civil
Administrative Code of Illinois.
"Disposal by sale, donation, or transfer" includes, but
is not limited to, the sale, donation, or transfer of surplus
electronic data processing equipment to other agencies,
schools, individuals, and not-for-profit agencies.
"Electronic data processing equipment" includes, but is
not limited to, computer (CPU) mainframes, and any form of
magnetic storage media.
"Authorized agency" means an agency authorized by the
Department of Central Management Services to sell or transfer
electronic data processing equipment under Sections 5010.1210
and 5010.1220 of Title 44 of the Illinois Administrative
Code.
"Department" means the Department of Central Management
Services.
"Overwrite" means the replacement of previously stored
information with a pre-determined pattern of meaningless
information.
Section 20. Establishment and implementation. The Data
Security on State Computers Act is established to protect
sensitive data stored on State-owned electronic data
processing equipment to be (i) disposed of by sale, donation,
or transfer or (ii) relinquished to a successor executive
administration. This Act shall be administered by the
Department or an authorized agency. The Department or an
authorized agency shall implement a policy to mandate that
all hard drives of surplus electronic data processing
equipment be cleared of all data and software before being
prepared for sale, donation, or transfer by (i) overwriting
the previously stored data on a drive or a disk at least 10
times and (ii) certifying in writing that the overwriting
process has been completed by providing the following
information: (1) the serial number of the computer or other
surplus electronic data processing equipment; (2) the name of
the overwriting software used; and (3) the name, date, and
signature of the person performing the overwriting process.
The head of each State agency shall establish a system for
the protection and preservation of State data on State-owned
electronic data processing equipment necessary for the
continuity of government functions upon it being relinquished
to a successor executive administration.
Section 50. The Public Utilities Act is amended by
changing Section 13-301.3 as follows:
(220 ILCS 5/13-301.3)
(Section scheduled to be repealed on July 1, 2005)
Sec. 13-301.3. Digital Divide Elimination Infrastructure
Program.
(a) The Digital Divide Elimination Infrastructure Fund
is created as a special fund in the State treasury. All
moneys in the Fund shall be used, subject to appropriation,
by the Commission to fund the construction of facilities
specified in Commission rules adopted under this Section. The
Commission may accept private and public funds, including
federal funds, for deposit into the Fund. Earnings
attributable to moneys in the Fund shall be deposited into
the Fund.
(b) The Commission shall adopt rules under which it will
make grants out of funds appropriated from the Digital Divide
Elimination Infrastructure Fund to eligible entities as
specified in the rules for the construction of high-speed
data transmission facilities in eligible areas of the State.
For purposes of determining whether an area is an eligible
area, the Commission shall consider, among other things,
whether (i) in such area, advanced telecommunications
services, as defined in subsection (c) of Section 13-517 of
this Act, are under-provided to residential or small business
end users, either directly or indirectly through an Internet
Service Provider, (ii) such area has a low population
density, and (iii) such area has not yet developed a
competitive market for advanced services. In addition, if an
entity seeking a grant of funds from the Digital Divide
Elimination Infrastructure Fund is an for which the incumbent
local exchange carrier having the duty to serve such area,
and the obligation to provide advanced services to such area
pursuant to Section 13-517 of this Act, the entity shall
demonstrate that it has sought and obtained an exemption from
such obligation pursuant to subsection (b) of Section 13-517.
Any entity seeking a grant of funds from the Digital Divide
Elimination Infrastructure Fund shall demonstrate to the
Commission that the grant shall be used for the construction
of high-speed data transmission facilities in an eligible
area and demonstrate that it satisfies all other
requirements of the Commission's rules. The Commission shall
determine the information that it deems necessary to award
grants pursuant to this Section. based upon a Commission
finding that provision of such advanced services to customers
in such area is either unduly economically burdensome or will
impose a significant adverse economic impact on users of
telecommunications services generally.
(c) The rules of the Commission shall provide for the
competitive selection of recipients of grant funds available
from the Digital Divide Elimination Infrastructure Fund
pursuant to the Illinois Procurement Code. Grants shall be
awarded to bidders chosen on the basis of the criteria
established in such rules.
(d) All entities awarded grant moneys under this Section
shall maintain all records required by Commission rule for
the period of time specified in the rules. Such records shall
be subject to audit by the Commission, by any auditor
appointed by the State, or by any State officer authorized to
conduct audits.
(Source: P.A. 92-22, eff. 6-30-01.)
Section 99. Effective date. This Act takes effect upon
becoming law.