95TH GENERAL ASSEMBLY
State of Illinois
2007 and 2008
HB4890


 
Introduced , by Rep. Richard P. Myers
 
SYNOPSIS AS INTRODUCED:
 		








    



20 ILCS 450/15




20 ILCS 450/20









    Amends the Data Security on State Computers Act.  Provides that the definition of "Agency" does not include public universities or their governing boards. Requires the governing board of each public university in this State to implement and administer the provisions of the Act with respect to State-owned electronic data processing equipment utilized by the university.  Provides that the governing board shall implement a policy to mandate that all hard drives of surplus electronic data processing equipment be cleared of all data and software before being prepared for sale, donation, or transfer by following certain requirements. For purposes of the Act and any other State directive requiring the clearing of data and software from State-owned electronic data processing equipment prior to sale, donation, or transfer by a public university, provides that the governing board of the university shall have and maintain responsibility for the implementation and administration of the requirements for clearing State-owned electronic data processing equipment utilized by the university. Effective immediately.
















LRB095 17105 NHT 44889 b

















FISCAL NOTE ACT MAY APPLY
















 


 


A BILL FOR









 











HB4890

LRB095 17105 NHT 44889 b






1
    AN ACT concerning education.

 
2
    Be it enacted by the People of the State of Illinois,
 
3
represented in the General Assembly:


 
4
    Section 5. The Data Security on State Computers Act is 
5
amended  by changing Sections 15 and 20 as follows:
 



6
    (20 ILCS 450/15)



7
    Sec. 15. Definitions. As used in this Act:

8
    "Agency" means all parts, boards, and commissions of the 
9
executive
branch of State government, other than public 
10
universities or their governing boards, including, but not 
11
limited to, State colleges and
universities and their governing 
12
boards and all departments established by the
Civil 
13
Administrative Code of Illinois.

14
    "Disposal by sale, donation, or transfer" includes, but is 
15
not limited to,
the
sale, donation, or
transfer
of surplus 
16
electronic data processing equipment to other agencies, 
17
schools,
individuals, and
not-for-profit agencies.

18
    "Electronic data processing equipment" includes, but is 
19
not limited to,
computer (CPU) mainframes, and any form of 
20
magnetic storage media.

21
    "Authorized agency" means an agency authorized by the 
22
Department of
Central Management Services to sell or transfer 
23
electronic data processing
equipment under Sections 5010.1210 
 


 






HB4890
- 2 -
LRB095 17105 NHT 44889 b




1
and 5010.1220 of Title 44 of the Illinois
Administrative Code.

2
    "Department" means the Department of Central Management 
3
Services.

4
    "Overwrite" means the replacement of previously stored 
5
information with
a pre-determined pattern of meaningless 
6
information.

7
(Source: P.A. 93-306, eff. 7-23-03.)

 



8
    (20 ILCS 450/20)


9
    Sec. 20. Establishment and implementation. The Data 
10
Security on
State Computers Act is established to protect 
11
sensitive data stored on
State-owned electronic data 
12
processing equipment to be (i) disposed of by
sale, donation, 
13
or
transfer or (ii) relinquished to a successor executive 
14
administration. This Act
shall be administered by the 
15
Department or an authorized
agency. The governing board of each 
16
public university in this State must implement and administer 
17
the provisions of this Act with respect to State-owned 
18
electronic data processing equipment utilized by the 
19
university. The Department or an authorized agency shall

20
implement a policy
to mandate that all hard drives of surplus 
21
electronic data processing equipment
be cleared of all data and 
22
software before being prepared for sale, donation,
or transfer

23
by
(i) overwriting the previously stored data on a drive or a 
24
disk at least 10
times
and (ii)
certifying in writing that the 
25
overwriting process has been completed by
providing
the 
 


 






HB4890
- 3 -
LRB095 17105 NHT 44889 b




1
following information: (1) the serial number of the computer or 
2
other
surplus
electronic data processing equipment; (2) the 
3
name of the overwriting software
used; and (3) the name, date, 
4
and signature of the person performing the
overwriting process.

5
The head of each State agency shall
establish a system for the 
6
protection and preservation of State
data on State-owned 
7
electronic data processing equipment necessary for the

8
continuity of
government functions upon it being relinquished 
9
to a successor executive
administration.

10
    For purposes of this Act and any other State directive 
11
requiring the clearing of data and software from State-owned 
12
electronic data processing equipment prior to sale, donation, 
13
or transfer by a public university in this State, the governing 
14
board of the university shall have and maintain responsibility 
15
for the implementation and administration of the requirements 
16
for clearing State-owned electronic data processing equipment 
17
utilized by the university. 
18
(Source: P.A. 93-306, eff. 7-23-03.)


 

19
    Section 99. Effective date. This Act takes effect upon 
20
becoming law.