|
|
|||||||
| |||||||
| |||||||
| 1 | AN ACT concerning education.
| ||||||
| 2 | Be it enacted by the People of the State of Illinois,
| ||||||
| 3 | represented in the General Assembly:
| ||||||
| 4 | Section 5. The Data Security on State Computers Act is | ||||||
| 5 | amended by changing Sections 15 and 20 and by adding Section 17 | ||||||
| 6 | as follows:
| ||||||
| 7 | (20 ILCS 450/15)
| ||||||
| 8 | Sec. 15. Definitions. As used in this Act:
| ||||||
| 9 | "Agency" means all parts, boards, and commissions of the | ||||||
| 10 | executive
branch of State government, other than public | ||||||
| 11 | universities or their governing boards, including, but not | ||||||
| 12 | limited to, State colleges and
universities and their governing | ||||||
| 13 | boards and all departments established by the
Civil | ||||||
| 14 | Administrative Code of Illinois.
| ||||||
| 15 | "Disposal by sale, donation, or transfer" includes, but is | ||||||
| 16 | not limited to,
the
sale, donation, or
transfer
of surplus | ||||||
| 17 | electronic data processing equipment to other agencies, | ||||||
| 18 | schools,
individuals, and
not-for-profit agencies.
| ||||||
| 19 | "Electronic data processing equipment" includes, but is | ||||||
| 20 | not limited to,
computer (CPU) mainframes, and any form of | ||||||
| 21 | magnetic storage media.
| ||||||
| 22 | "Authorized agency" means an agency authorized by the | ||||||
| 23 | Department of
Central Management Services to sell or transfer | ||||||
| |||||||
| |||||||
| 1 | electronic data processing
equipment under Sections 5010.1210 | ||||||
| 2 | and 5010.1220 of Title 44 of the Illinois
Administrative Code.
| ||||||
| 3 | "Department" means the Department of Central Management | ||||||
| 4 | Services.
| ||||||
| 5 | "Overwrite" means the replacement of previously stored | ||||||
| 6 | information with
a pre-determined pattern of meaningless | ||||||
| 7 | information.
| ||||||
| 8 | (Source: P.A. 93-306, eff. 7-23-03.)
| ||||||
| 9 | (20 ILCS 450/17 new) | ||||||
| 10 | Sec. 17. Exemption from Act. This Act does not apply to the | ||||||
| 11 | legislative branch of State government, the Office of the | ||||||
| 12 | Lieutenant Governor, the Office of the Attorney General, the | ||||||
| 13 | Office of the Secretary of State, the Office of the State | ||||||
| 14 | Comptroller, or the Office of the State Treasurer.
| ||||||
| 15 | (20 ILCS 450/20)
| ||||||
| 16 | Sec. 20. Establishment and implementation. The Data | ||||||
| 17 | Security on
State Computers Act is established to protect | ||||||
| 18 | sensitive data stored on
State-owned electronic data | ||||||
| 19 | processing equipment to be (i) disposed of by
sale, donation, | ||||||
| 20 | or
transfer or (ii) relinquished to a successor executive | ||||||
| 21 | administration. This Act
shall be administered by the | ||||||
| 22 | Department or an authorized
agency. The governing board of each | ||||||
| 23 | public university in this State must implement and administer | ||||||
| 24 | the provisions of this Act with respect to State-owned | ||||||
| |||||||
| |||||||
| 1 | electronic data processing equipment utilized by the | ||||||
| 2 | university. The Department or an authorized agency shall
| ||||||
| 3 | implement a policy
to mandate that all hard drives of surplus | ||||||
| 4 | electronic data processing equipment
be cleared of all data and | ||||||
| 5 | software before being prepared for sale, donation,
or transfer
| ||||||
| 6 | by
(i) overwriting the previously stored data on a drive or a | ||||||
| 7 | disk at least 10
times
and (ii)
certifying in writing that the | ||||||
| 8 | overwriting process has been completed by
providing
the | ||||||
| 9 | following information: (1) the serial number of the computer or | ||||||
| 10 | other
surplus
electronic data processing equipment; (2) the | ||||||
| 11 | name of the overwriting software
used; and (3) the name, date, | ||||||
| 12 | and signature of the person performing the
overwriting process.
| ||||||
| 13 | The head of each State agency shall
establish a system for the | ||||||
| 14 | protection and preservation of State
data on State-owned | ||||||
| 15 | electronic data processing equipment necessary for the
| ||||||
| 16 | continuity of
government functions upon it being relinquished | ||||||
| 17 | to a successor executive
administration.
| ||||||
| 18 | For purposes of this Act and any other State directive | ||||||
| 19 | requiring the clearing of data and software from State-owned | ||||||
| 20 | electronic data processing equipment prior to sale, donation, | ||||||
| 21 | or transfer by the General Assembly or a public university in | ||||||
| 22 | this State, the General Assembly or the governing board of the | ||||||
| 23 | university shall have and maintain responsibility for the | ||||||
| 24 | implementation and administration of the requirements for | ||||||
| 25 | clearing State-owned electronic data processing equipment | ||||||
| 26 | utilized by the General Assembly or the university. | ||||||
| |||||||
| |||||||
| 1 | (Source: P.A. 93-306, eff. 7-23-03.)
| ||||||
| 2 | Section 99. Effective date. This Act takes effect upon | ||||||
| 3 | becoming law.
| ||||||