|
|
|
|
95TH GENERAL ASSEMBLY
State of Illinois
2007 and 2008
SB2113
Introduced 2/14/2008, by Sen. Christine Radogno SYNOPSIS AS INTRODUCED:
|
|
New Act |
|
30 ILCS 805/8.32 new |
|
|
Creates the Identity Protection Act. Prohibits a State or local government agency from using an individual's social security number in certain ways, subject to various exceptions. Requires each State or local government agency to develop and implement an identity protection plan. Provides that any employee of a State or local government agency who intentionally violates the provisions of the Act is guilty of a Class B misdemeanor. Preempts the concurrent exercise of home rule powers. Amends the State Mandates Act to require implementation without reimbursement by the State. Effective immediately.
|
| |
|
|
| FISCAL NOTE ACT MAY APPLY |
HOME RULE NOTE ACT MAY APPLY |
STATE MANDATES ACT MAY REQUIRE REIMBURSEMENT |
|
|
|
A BILL FOR
|
|
|
|
|
SB2113 |
|
LRB095 18762 HLH 44882 b |
|
|
| 1 |
| AN ACT concerning State government.
|
| 2 |
| Be it enacted by the People of the State of Illinois,
|
| 3 |
| represented in the General Assembly:
|
| 4 |
| Section 1. Short title. This Act may be cited as the |
| 5 |
| Identity Protection Act.
|
| 6 |
| Section 5. Definitions. In this Act: |
| 7 |
| "Local government agency" means that term as it is defined |
| 8 |
| in Section 1-8 of the Illinois State Auditing Act.
|
| 9 |
| "Person" means any individual in the employ of a State |
| 10 |
| agency or local government agency. |
| 11 |
| "Publicly post" or "publicly display" means to |
| 12 |
| intentionally communicate or otherwise intentionally make |
| 13 |
| available to the general public. |
| 14 |
| "State agency" means that term as it is defined in Section |
| 15 |
| 1-7 of the Illinois State Auditing Act.
|
| 16 |
| Section 10. Prohibited activities. |
| 17 |
| (a) Except as otherwise provided in this Act,
beginning |
| 18 |
| July 1, 2009, no
person or State or local government agency may |
| 19 |
| do any of the following: |
| 20 |
| (1) Publicly post or publicly display in any manner an |
| 21 |
| individual's social security number. |
| 22 |
| (2) Print an individual's social security number on any |
|
|
|
SB2113 |
- 2 - |
LRB095 18762 HLH 44882 b |
|
|
| 1 |
| card
required for the individual to access products or |
| 2 |
| services provided by the person or entity; however, a |
| 3 |
| person or entity that provides an insurance card must print |
| 4 |
| on the card an identification number unique to the holder |
| 5 |
| of the card in the format prescribed by Section 15 of the
|
| 6 |
| Uniform Prescription Drug Information Card Act. |
| 7 |
| (3) Require an individual to transmit his or her social |
| 8 |
| security number over the Internet, unless the connection is |
| 9 |
| secure or the social security number is encrypted. |
| 10 |
| (4) Require an individual to use his or her social |
| 11 |
| security number to access an Internet web site, unless a |
| 12 |
| password or unique personal identification number or other |
| 13 |
| authentication device is also required to access the |
| 14 |
| Internet web site. |
| 15 |
| (5) Print an individual's social security number on any |
| 16 |
| materials that are mailed to the individual, through the |
| 17 |
| U.S. Postal Service, any private mail service, electronic |
| 18 |
| mail, or any similar method of delivery, unless State or |
| 19 |
| federal law requires the social security number to be on |
| 20 |
| the document to be mailed. Notwithstanding any provision in |
| 21 |
| this Section to the contrary, social security numbers may |
| 22 |
| be included in applications and forms sent by mail, |
| 23 |
| including, but not limited to, any material mailed in |
| 24 |
| connection with the administration of the Unemployment |
| 25 |
| Insurance Act, any material mailed in connection with any |
| 26 |
| tax administered by the Department of Revenue, and |
|
|
|
SB2113 |
- 3 - |
LRB095 18762 HLH 44882 b |
|
|
| 1 |
| documents sent as part of an application or enrollment |
| 2 |
| process or to establish, amend, or terminate an account, |
| 3 |
| contract, or policy or to confirm the accuracy of the |
| 4 |
| social security number. A social security number that may |
| 5 |
| permissibly be mailed under this Section may not be |
| 6 |
| printed, in whole or in part, on a postcard or other mailer |
| 7 |
| that does not require an envelope or be visible on an |
| 8 |
| envelope or visible without the envelope having been |
| 9 |
| opened. |
| 10 |
| (6) Collect a social security number from an |
| 11 |
| individual, unless required to do so under State or federal |
| 12 |
| law, rules, or regulations, unless the collection of the |
| 13 |
| social security number is otherwise necessary for the |
| 14 |
| performance of that agency's duties and responsibilities. |
| 15 |
| Social security numbers collected by a State or local |
| 16 |
| government agency must be relevant to the purpose for which |
| 17 |
| the number was collected and must not be collected unless |
| 18 |
| and until the need for social security numbers for that |
| 19 |
| purpose has been clearly documented. |
| 20 |
| (7) When requesting a social security number from an |
| 21 |
| individual or when filing a document with the clerk of the |
| 22 |
| circuit court or with the recorder of deeds that has been |
| 23 |
| generated by a person or agency and on which the person or |
| 24 |
| agency has requested a social security number, fail to |
| 25 |
| segregate the social security number on a separate page |
| 26 |
| from the rest of the record, provide a discrete location |
|
|
|
SB2113 |
- 4 - |
LRB095 18762 HLH 44882 b |
|
|
| 1 |
| for a social security number when required on a |
| 2 |
| standardized form, or otherwise place the number in a |
| 3 |
| manner that makes it easily redacted if required to be |
| 4 |
| released as part of a public records request. |
| 5 |
| (8) When collecting a social security number from an |
| 6 |
| individual, fail to provide to the individual, at the time |
| 7 |
| of or prior to the actual collection of the social security |
| 8 |
| number by that agency, upon request by the individual, a |
| 9 |
| statement of the purpose or purposes for which the agency |
| 10 |
| is collecting and using the social security number. |
| 11 |
| (9) Use the social security number for any purpose |
| 12 |
| other than the purpose stated in the statement provided |
| 13 |
| under item (8). |
| 14 |
| (10) Intentionally communicate or otherwise make |
| 15 |
| available to the general public a person's social security |
| 16 |
| number or other identifying information. |
| 17 |
| (b) The prohibitions in subsection (a) do not apply in the |
| 18 |
| following circumstances: |
| 19 |
| (1) The disclosure of social security numbers or other |
| 20 |
| identifying information disclosed to agents, employees, or |
| 21 |
| contractors of a governmental entity or disclosed by a |
| 22 |
| governmental entity to another governmental entity or its |
| 23 |
| agents, employees, or contractors if disclosure is |
| 24 |
| necessary in order for the entity to perform its duties and |
| 25 |
| responsibilities and if the governmental entity and its |
| 26 |
| agents, employees, and contractors maintain the |
|
|
|
SB2113 |
- 5 - |
LRB095 18762 HLH 44882 b |
|
|
| 1 |
| confidential and exempt status of the social security |
| 2 |
| numbers or other identifying information. |
| 3 |
| (2) The disclosure of social security numbers or other |
| 4 |
| identifying information disclosed pursuant to a court |
| 5 |
| order, warrant, or subpoena. |
| 6 |
| (3) The collection, use, or disclosure of social |
| 7 |
| security numbers or other identifying information in order |
| 8 |
| to ensure the safety of: State and local government |
| 9 |
| employees; persons committed to correctional facilities, |
| 10 |
| local jails, and other law-enforcement facilities or |
| 11 |
| retention centers; wards of the State; and all persons |
| 12 |
| working in or visiting a State or local government agency |
| 13 |
| facility. |
| 14 |
| (4) The disclosure of social security numbers by a |
| 15 |
| State agency to any entity for the collection of delinquent |
| 16 |
| child support or of any State debt. |
| 17 |
| (5) The collection, use, or disclosure of social |
| 18 |
| security numbers or other identifying information to |
| 19 |
| investigate or prevent fraud, to conduct background |
| 20 |
| checks, to conduct social or scientific research, to |
| 21 |
| collect a debt, to obtain a credit report from or furnish |
| 22 |
| data to a consumer reporting agency under the federal Fair |
| 23 |
| Credit Reporting Act, to undertake any permissible purpose |
| 24 |
| that is enumerated under the federal Gramm Leach Bliley |
| 25 |
| Act, or to locate a missing person, a lost relative, or a |
| 26 |
| person who is due a benefit, such as a pension benefit or |
|
|
|
SB2113 |
- 6 - |
LRB095 18762 HLH 44882 b |
|
|
| 1 |
| an unclaimed-property benefit. |
| 2 |
| (c) If any State agency or local government agency has |
| 3 |
| adopted standards for the collection, use, or disclosure of |
| 4 |
| social security numbers or other identifying information that |
| 5 |
| are stricter than the standards under this Act with respect to |
| 6 |
| the protection of that identifying information, then, in the |
| 7 |
| event of any conflict with the provisions of this Act, the |
| 8 |
| stricter standards adopted by the State agency or local |
| 9 |
| government agency shall control.
|
| 10 |
| Section 15. Public inspection and copying of information |
| 11 |
| and documents. Notwithstanding any other provision of this Act |
| 12 |
| to the contrary, a person or State or local government agency |
| 13 |
| must comply with the provisions of any other State law with |
| 14 |
| respect to allowing the public inspection and copying of |
| 15 |
| information or documents containing all or any portion of an |
| 16 |
| individual's social security number or other identifying |
| 17 |
| information.
|
| 18 |
| Section 20. Applicability. |
| 19 |
| (a) This Act does not apply to the collection, use, or |
| 20 |
| release
of a social security number or other identifying |
| 21 |
| information, as required by State or federal law, rule, or |
| 22 |
| regulation, or
the use of a social security number or other |
| 23 |
| identifying information for internal verification or
|
| 24 |
| administrative purposes. |
|
|
|
SB2113 |
- 7 - |
LRB095 18762 HLH 44882 b |
|
|
| 1 |
| (b) This Act does not apply to documents that are recorded |
| 2 |
| or
required to be open to the public under any State or federal |
| 3 |
| law, rule, or regulation, applicable case law, Supreme Court |
| 4 |
| Rule, or the Constitution of the State of Illinois.
|
| 5 |
| Section 25. Compliance with federal law. If a federal law |
| 6 |
| takes effect requiring any federal agency to establish a |
| 7 |
| national
unique patient health identifier program, any State or |
| 8 |
| local government agency that complies with the federal law |
| 9 |
| shall be deemed to be in compliance with this
Act.
|
| 10 |
| Section 30. Embedded social security numbers. Beginning |
| 11 |
| December 31, 2009, no person or State or local government |
| 12 |
| agency may encode or embed a social security
number in or on a |
| 13 |
| card or document, including, but not limited to,
using a bar |
| 14 |
| code, chip, magnetic strip, RFID technology, or other |
| 15 |
| technology, in place
of removing the social security number as |
| 16 |
| required by this Act.
|
| 17 |
| Section 35. Identity-protection policy. Each State agency |
| 18 |
| and local government agency must establish an |
| 19 |
| identity-protection policy and must implement that policy on or |
| 20 |
| before December 31, 2009. The policy must do all of the |
| 21 |
| following:
|
| 22 |
| (1) Require all employees of the State or local |
| 23 |
| government agency to be trained to protect the |
|
|
|
SB2113 |
- 8 - |
LRB095 18762 HLH 44882 b |
|
|
| 1 |
| confidentiality of social security numbers and to |
| 2 |
| understand the requirements of this Section. |
| 3 |
| (2) Prohibit the unlawful disclosure of social |
| 4 |
| security numbers. |
| 5 |
| (3) Limit the number of employees who have access to |
| 6 |
| information or documents that contain social security |
| 7 |
| numbers. |
| 8 |
| (4) Describe how to properly dispose of information and |
| 9 |
| documents that contain social security numbers. |
| 10 |
| (5) Establish penalties for violation of the privacy |
| 11 |
| policy.
|
| 12 |
| (6) Prevent the intentional communication of or |
| 13 |
| ability of the general public to access an individual's |
| 14 |
| social security number. |
| 15 |
| Each State agency must file a written copy of its privacy |
| 16 |
| policy with the Clerk of the House of Representatives and the |
| 17 |
| Secretary of the Senate. Each local government agency must file |
| 18 |
| a written copy of its privacy policy with the governing board |
| 19 |
| of the unit of local government. Each State or local government |
| 20 |
| agency must also provide a written copy of the policy to each |
| 21 |
| of its employees, and must also make its privacy policy |
| 22 |
| available to any member of the public, upon request. If a State |
| 23 |
| or local government agency amends its privacy policy, then that |
| 24 |
| agency must file a written copy of the amended policy with the |
| 25 |
| appropriate entity and must also provide each of its employees |
| 26 |
| with a new written copy of the amended policy.
|
|
|
|
SB2113 |
- 9 - |
LRB095 18762 HLH 44882 b |
|
|
| 1 |
| Section 40. Judicial branch and clerks of courts. The |
| 2 |
| judicial branch and clerks of the circuit court are not subject |
| 3 |
| to the provisions of this Act, except that the Supreme Court |
| 4 |
| shall, under its rulemaking authority or by administrative |
| 5 |
| order, adopt requirements applicable to the judicial branch, |
| 6 |
| including clerks of the circuit court, regulating the |
| 7 |
| disclosure of social security numbers consistent with the |
| 8 |
| intent of this Act and the unique circumstances relevant in the |
| 9 |
| judicial process.
|
| 10 |
| Section 45. Violation. Any person who intentionally |
| 11 |
| violates this Act is guilty of a Class B misdemeanor.
|
| 12 |
| Section 50. Home rule. A home rule unit may not regulate |
| 13 |
| the use of social security numbers in a manner that is |
| 14 |
| inconsistent with this Act. This Act is a limitation under |
| 15 |
| subsection (i) of Section 6 of Article VII of the Illinois |
| 16 |
| Constitution on the concurrent exercise by home rule units of |
| 17 |
| powers and functions exercised by the State.
|
| 18 |
| Section 55. This Act does not supersede any more |
| 19 |
| restrictive law, rule, or regulation regarding the collection, |
| 20 |
| use, or release of social security numbers.
|
| 21 |
| Section 90. The State Mandates Act is amended by adding |