|
|
|
HB4219 Engrossed |
- 2 - |
LRB095 15627 HLH 41629 b |
|
|
1 |
| card
required for the individual to access products or |
2 |
| services provided by the person or entity; however, a |
3 |
| person or entity that provides an insurance card must print |
4 |
| on the card an identification number unique to the holder |
5 |
| of the card in the format prescribed by Section 15 of the
|
6 |
| Uniform Prescription Drug Information Card Act. |
7 |
| (3) Require an individual to transmit his or her social |
8 |
| security number over the Internet, unless the connection is |
9 |
| secure or the social security number is encrypted. |
10 |
| (4) Require an individual to use his or her social |
11 |
| security number to access an Internet web site, unless a |
12 |
| password or unique personal identification number or other |
13 |
| authentication device is also required to access the |
14 |
| Internet web site. |
15 |
| (5) Print an individual's social security number on any |
16 |
| materials that are mailed to the individual, through the |
17 |
| U.S. Postal Service, any private mail service, electronic |
18 |
| mail, or any similar method of delivery, unless State or |
19 |
| federal law requires the social security number to be on |
20 |
| the document to be mailed. Notwithstanding any provision in |
21 |
| this Section to the contrary, social security numbers may |
22 |
| be included in applications and forms sent by mail, |
23 |
| including, but not limited to, any material mailed in |
24 |
| connection with the administration of the Unemployment |
25 |
| Insurance Act, any material mailed in connection with any |
26 |
| tax administered by the Department of Revenue, and |
|
|
|
HB4219 Engrossed |
- 3 - |
LRB095 15627 HLH 41629 b |
|
|
1 |
| documents sent as part of an application or enrollment |
2 |
| process or to establish, amend, or terminate an account, |
3 |
| contract, or policy or to confirm the accuracy of the |
4 |
| social security number. A social security number that may |
5 |
| permissibly be mailed under this Section may not be |
6 |
| printed, in whole or in part, on a postcard or other mailer |
7 |
| that does not require an envelope or be visible on an |
8 |
| envelope or visible without the envelope having been |
9 |
| opened. |
10 |
| (6) Collect a social security number from an |
11 |
| individual, unless required to do so under State or federal |
12 |
| law, rules, or regulations, unless the collection of the |
13 |
| social security number is otherwise necessary for the |
14 |
| performance of that agency's duties and responsibilities. |
15 |
| Social security numbers collected by a State or local |
16 |
| government agency must be relevant to the purpose for which |
17 |
| the number was collected and must not be collected unless |
18 |
| and until the need for social security numbers for that |
19 |
| purpose has been clearly documented. |
20 |
| (7) Use the social security number for any purpose |
21 |
| other than the purpose for which it was collected. |
22 |
| (8) Intentionally communicate or otherwise make |
23 |
| available to the general public a person's social security |
24 |
| number. |
25 |
| (b) The prohibitions in subsection (a) do not apply in the |
26 |
| following circumstances: |
|
|
|
HB4219 Engrossed |
- 4 - |
LRB095 15627 HLH 41629 b |
|
|
1 |
| (1) The disclosure of social security numbers to |
2 |
| agents, employees, or contractors of a governmental entity |
3 |
| or disclosed by a governmental entity to another |
4 |
| governmental entity or its agents, employees, or |
5 |
| contractors if disclosure is necessary in order for the |
6 |
| entity to perform its duties and responsibilities and if |
7 |
| the governmental entity and its agents, employees, and |
8 |
| contractors maintain the confidential and exempt status of |
9 |
| the social security numbers. |
10 |
| (2) The disclosure of social security numbers pursuant |
11 |
| to a court order, warrant, or subpoena. |
12 |
| (3) The collection, use, or disclosure of social |
13 |
| security numbers in order to ensure the safety of: State |
14 |
| and local government employees; persons committed to |
15 |
| correctional facilities, local jails, and other |
16 |
| law-enforcement facilities or retention centers; wards of |
17 |
| the State; and all persons working in or visiting a State |
18 |
| or local government agency facility. |
19 |
| (4) The disclosure of social security numbers by a |
20 |
| State agency to any entity for the collection of delinquent |
21 |
| child support or of any State debt. |
22 |
| (5) The collection, use, or disclosure of social |
23 |
| security numbers to investigate or prevent fraud, to |
24 |
| conduct background checks, to conduct social or scientific |
25 |
| research, to collect a debt, to obtain a credit report from |
26 |
| or furnish data to a consumer reporting agency under the |
|
|
|
HB4219 Engrossed |
- 5 - |
LRB095 15627 HLH 41629 b |
|
|
1 |
| federal Fair Credit Reporting Act, to undertake any |
2 |
| permissible purpose that is enumerated under the federal |
3 |
| Gramm Leach Bliley Act, or to locate a missing person, a |
4 |
| lost relative, or a person who is due a benefit, such as a |
5 |
| pension benefit or an unclaimed-property benefit. |
6 |
| (c) If any State agency or local government agency has |
7 |
| adopted standards for the collection, use, or disclosure of |
8 |
| social security numbers that are stricter than the standards |
9 |
| under this Act with respect to the protection of that |
10 |
| identifying information, then, in the event of any conflict |
11 |
| with the provisions of this Act, the stricter standards adopted |
12 |
| by the State agency or local government agency shall control. |
13 |
| Section 15. Public inspection and copying of information |
14 |
| and documents. Notwithstanding any other provision of this Act |
15 |
| to the contrary, a person or State or local government agency |
16 |
| must comply with the provisions of any other State law with |
17 |
| respect to allowing the public inspection and copying of |
18 |
| information or documents containing all or any portion of an |
19 |
| individual's social security number. |
20 |
| Section 20. Applicability. |
21 |
| (a) This Act does not apply to the collection, use, or |
22 |
| release
of a social security number as required by State or |
23 |
| federal law, rule, or regulation, or
the use of a social |
24 |
| security number or other identifying information for internal |
|
|
|
HB4219 Engrossed |
- 6 - |
LRB095 15627 HLH 41629 b |
|
|
1 |
| verification or
administrative purposes. |
2 |
| (b) This Act does not apply to documents that are recorded |
3 |
| with a county recorder or
required to be open to the public |
4 |
| under any State or federal law, rule, or regulation, applicable |
5 |
| case law, Supreme Court Rule, or the Constitution of the State |
6 |
| of Illinois. Notwithstanding this Section, county recorders |
7 |
| must comply with the provisions of Section 35 of this Act. |
8 |
| Section 25. Compliance with federal law. If a federal law |
9 |
| takes effect requiring any federal agency to establish a |
10 |
| national
unique patient health identifier program, any State or |
11 |
| local government agency that complies with the federal law |
12 |
| shall be deemed to be in compliance with this
Act. |
13 |
| Section 30. Embedded social security numbers. Beginning |
14 |
| December 31, 2009, no person or State or local government |
15 |
| agency may encode or embed a social security
number in or on a |
16 |
| card or document, including, but not limited to,
using a bar |
17 |
| code, chip, magnetic strip, RFID technology, or other |
18 |
| technology, in place
of removing the social security number as |
19 |
| required by this Act. |
20 |
| Section 35. Identity-protection policy; local government. |
21 |
| Each local government agency must establish an |
22 |
| identity-protection policy and must implement that policy on or |
23 |
| before December 31, 2009. The policy must do all of the |
|
|
|
HB4219 Engrossed |
- 7 - |
LRB095 15627 HLH 41629 b |
|
|
1 |
| following:
|
2 |
| (1) Identify all employees of the local government |
3 |
| agency who may have access to social security numbers in |
4 |
| the course of performing their duties. |
5 |
| (2) Require all employees of the local government |
6 |
| agency identified as having access to social security |
7 |
| numbers in the course of performing their duties to be |
8 |
| trained to protect the confidentiality of social security |
9 |
| numbers and to understand the requirements of this Section. |
10 |
| (3) Prohibit the unlawful disclosure of social |
11 |
| security numbers. |
12 |
| (4) Limit the number of employees who have access to |
13 |
| information or documents that contain social security |
14 |
| numbers. |
15 |
| (5) Describe how to properly dispose of information and |
16 |
| documents that contain social security numbers. |
17 |
| (6) Establish penalties for violation of the privacy |
18 |
| policy.
|
19 |
| (7) Prevent the intentional communication of or |
20 |
| ability of the general public to access an individual's |
21 |
| social security number. |
22 |
| (8) Require that social security numbers requested |
23 |
| from an individual be segregated on a separate page from |
24 |
| the rest of the record, provide a discrete location for a |
25 |
| social security number when required on a standardized |
26 |
| form, or otherwise place the number in a manner that makes |
|
|
|
HB4219 Engrossed |
- 8 - |
LRB095 15627 HLH 41629 b |
|
|
1 |
| it easily redacted if required to be released as part of a |
2 |
| public records request. |
3 |
| (9) Require that, when collecting a social security |
4 |
| number from an individual, at the time of or prior to the |
5 |
| actual collection of the social security number or upon |
6 |
| request by the individual, a statement of the purpose or |
7 |
| purposes for which the agency is collecting and using the |
8 |
| social security number be provided. |
9 |
| Each local government agency must file a written copy of |
10 |
| its privacy policy with the governing board of the unit of |
11 |
| local government. Each local government agency must also |
12 |
| provide a written copy of the policy to each of its employees, |
13 |
| and must also make its privacy policy available to any member |
14 |
| of the public, upon request. If a local government agency |
15 |
| amends its privacy policy, then that agency must file a written |
16 |
| copy of the amended policy with the appropriate entity and must |
17 |
| also provide each of its employees with a new written copy of |
18 |
| the amended policy.
|
19 |
| Section 37. Identity-protection policy; State. Each State |
20 |
| agency must recommend to the Social Security Number Task Force |
21 |
| an identity-protection policy on or before September 30, 2009. |
22 |
| The policy must do all of the following:
|
23 |
| (1) Identify all employees of the State agency who may |
24 |
| have access to social security numbers in the performance |
25 |
| of their duties. |
|
|
|
HB4219 Engrossed |
- 9 - |
LRB095 15627 HLH 41629 b |
|
|
1 |
| (2) Require all employees of the State agency |
2 |
| identified as having access to social security numbers in |
3 |
| the performance of their duties to be trained to protect |
4 |
| the confidentiality of social security numbers and to |
5 |
| understand the requirements of this Section. |
6 |
| (3) Prohibit the unlawful disclosure of social |
7 |
| security numbers. |
8 |
| (4) Limit the number of employees who have access to |
9 |
| information or documents that contain social security |
10 |
| numbers. |
11 |
| (5) Describe how to properly dispose of information and |
12 |
| documents that contain social security numbers. |
13 |
| (6) Establish penalties for violation of the privacy |
14 |
| policy.
|
15 |
| (7) Prevent the intentional communication of or |
16 |
| ability of the general public to access an individual's |
17 |
| social security number. |
18 |
| (8) Require that social security numbers requested |
19 |
| from an individual be segregated on a separate page from |
20 |
| the rest of the record, provide a discrete location for a |
21 |
| social security number when required on a standardized |
22 |
| form, or otherwise place the number in a manner that makes |
23 |
| it easily redacted if required to be released as part of a |
24 |
| public records request. |
25 |
| (9) Require that, when collecting a social security |
26 |
| number from an individual, at the time of or prior to the |
|
|
|
HB4219 Engrossed |
- 10 - |
LRB095 15627 HLH 41629 b |
|
|
1 |
| actual collection of the social security number or upon |
2 |
| request by the individual, a statement of the purpose or |
3 |
| purposes for which the agency is collecting and using the |
4 |
| social security number be provided. |
5 |
| The Task Force will study the recommendations from the |
6 |
| State agencies and will make its recommendation to the General |
7 |
| Assembly of the changes needed to implement the policies by |
8 |
| December 31, 2009. |
9 |
| Section 40. Judicial branch and clerks of courts. The |
10 |
| judicial branch and clerks of the circuit court are not subject |
11 |
| to the provisions of this Act, except that the Supreme Court |
12 |
| shall, under its rulemaking authority or by administrative |
13 |
| order, adopt requirements applicable to the judicial branch, |
14 |
| including clerks of the circuit court, regulating the |
15 |
| disclosure of social security numbers consistent with the |
16 |
| intent of this Act and the unique circumstances relevant in the |
17 |
| judicial process. |
18 |
| Section 45. Violation. Any person who intentionally |
19 |
| violates the prohibitions in Section 10 of this Act is guilty |
20 |
| of a Class B misdemeanor. |
21 |
| Section 50. Home rule. A home rule unit of local |
22 |
| government, any non-home rule municipality, or any non-home |
23 |
| rule county may regulate the use of social security numbers, |
|
|
|
HB4219 Engrossed |
- 11 - |
LRB095 15627 HLH 41629 b |
|
|
1 |
| but that regulation must be no less restrictive than this Act. |
2 |
| This Act is a limitation under subsection (i) of Section 6 of |
3 |
| Article VII of the Illinois Constitution on the concurrent |
4 |
| exercise by home rule units of powers and functions exercised |
5 |
| by the State.
|
6 |
| Section 55. This Act does not supersede any more |
7 |
| restrictive law, rule, or regulation regarding the collection, |
8 |
| use, or release of social security numbers. |
9 |
| Section 60. Rulemaking. Notwithstanding any other |
10 |
| rulemaking authority that may exist, neither the Governor nor |
11 |
| any agency or agency head under the jurisdiction of the |
12 |
| Governor has any authority to make or promulgate rules to |
13 |
| implement or enforce the provisions of this Act. If, however, |
14 |
| the Governor believes that rules are necessary to implement or |
15 |
| enforce the provisions of this Act, the Governor may suggest |
16 |
| rules to the General Assembly by filing them with the Clerk of |
17 |
| the House and the Secretary of the Senate and by requesting |
18 |
| that the General Assembly authorize such rulemaking by law, |
19 |
| enact those suggested rules into law, or take any other |
20 |
| appropriate action in the General Assembly's discretion. |
21 |
| Nothing contained in this Act shall be interpreted to grant |
22 |
| rulemaking authority under any other Illinois statute where |
23 |
| such authority is not otherwise explicitly given. For the |
24 |
| purposes of this Section, "rules" is given the meaning |
|
|
|
HB4219 Engrossed |
- 12 - |
LRB095 15627 HLH 41629 b |
|
|
1 |
| contained in Section 1-70 of the Illinois Administrative |
2 |
| Procedure Act, and "agency" and "agency head" are given the |
3 |
| meanings contained in Sections 1-20 and 1-25 of the Illinois |
4 |
| Administrative Procedure Act to the extent that such |
5 |
| definitions apply to agencies or agency heads under the |
6 |
| jurisdiction of the Governor. |
7 |
| Section 90. The State Mandates Act is amended by adding |
8 |
| Section 8.32 as follows: |
9 |
| (30 ILCS 805/8.32 new) |
10 |
| Sec. 8.32. Exempt mandate. Notwithstanding Sections 6 and 8 |
11 |
| of this Act, no reimbursement by the State is required for the |
12 |
| implementation of any mandate created by this amendatory Act of |
13 |
| the 95th General Assembly.
|
14 |
| Section 99. Effective date. This Act takes effect upon |
15 |
| becoming law.
|