|
Sen. Michael E. Hastings
Filed: 3/7/2017
| | 10000SB0707sam001 | | LRB100 08839 JLS 22985 a |
|
|
| 1 | | AMENDMENT TO SENATE BILL 707
|
| 2 | | AMENDMENT NO. ______. Amend Senate Bill 707 on page 5, line |
| 3 | | 12, by changing "or" to "concerning more than 250 Illinois |
| 4 | | residents or"; and
|
| 5 | | on page 5, line 18, by changing "45" to "60"; and
|
| 6 | | on page 5, line 20, by changing "or" to "concerning more than |
| 7 | | 250 Illinois residents or"; and
|
| 8 | | on page 6, by replacing lines 3 through 5 with the following:
|
| 9 | | "(iii) a description of the attack; and |
| 10 | | (iv) an overview of corrective and preventative"; and
|
| 11 | | on page 6, line 8, by deleting "immediately"; and
|
| 12 | | on page 6, line 15, by changing "indefinitely" to "for a period |
| 13 | | of 60 days; and
|
|
| | 10000SB0707sam001 | - 2 - | LRB100 08839 JLS 22985 a |
|
|
| 1 | | on page 6, by inserting immediately below line 15, the |
| 2 | | following:
|
| 3 | | "(i) A State agency that has been subject to or has reason |
| 4 | | to believe it has been subject to a single breach of the |
| 5 | | security of the data concerning the personal information of |
| 6 | | more than 250 Illinois residents or an instance of aggravated |
| 7 | | computer tampering (as defined in Section 17-52 of the Criminal |
| 8 | | Code of 2012) shall notify the Office of the Chief Information |
| 9 | | Security Officer of the Illinois Department of Innovation and |
| 10 | | Technology regarding the breach or instance of aggravated |
| 11 | | computer tampering. Such notification shall be made without |
| 12 | | delay but no later than 72 hours following the discovery of the |
| 13 | | incident. |
| 14 | | Upon receiving notification of such incident, the Chief |
| 15 | | Information Security Officer shall without delay take |
| 16 | | necessary and reasonable actions to: |
| 17 | | (i) assess the incident to determine the potential |
| 18 | | impact on the overall confidentiality, security, and |
| 19 | | availability of State of Illinois data and information |
| 20 | | systems; |
| 21 | | (ii) ensure the security incident is contained to |
| 22 | | minimize additional impact and risk to the State; |
| 23 | | (iii) identify the root cause of the incident; |
| 24 | | (iv) provide recommendations to the impacted State |
| 25 | | agency to assist with eradicating the threat and removing |