Sen. Daniel Biss
Filed: 4/10/2015
| | 09900SB1833sam001 | | LRB099 09064 JLS 33138 a |
| 1 | | AMENDMENT TO SENATE BILL 1833
|
| 2 | | AMENDMENT NO. ______. Amend Senate Bill 1833 on page 3, |
| 3 | | line 2, by changing "obtained" to "acquired without |
| 4 | | authorization"; and
|
| 5 | | on page 4, line 14, by changing "information" to "information, |
| 6 | | excluding geolocation information and consumer marketing |
| 7 | | information,"; and
|
| 8 | | on page 4 by replacing lines 23 through 25 with the following:
|
| 9 | | "not be limited to, information as follows: |
| 10 | | (1) With respect to personal information as defined in |
| 11 | | Section 5 in paragraph (1) of the definition of "personal |
| 12 | | information": |
| 13 | | (A) (i) the toll-free numbers and addresses for |
| 14 | | consumer reporting agencies; , |
| 15 | | (B) (ii) the toll-free number, address, and |
| 16 | | website address for the Federal Trade Commission; , and |
| 1 | | (C) (iii) a statement that the individual can |
| 2 | | obtain information from these sources about fraud |
| 3 | | alerts and security freezes. |
| 4 | | The notification shall not, however, include |
| 5 | | information concerning the number of Illinois residents |
| 6 | | affected by the breach. |
| 7 | | (2) With respect to personal information defined in |
| 8 | | Section 5 in paragraph (2) of the definition of "personal |
| 9 | | information", notice may be provided in electronic or other |
| 10 | | form directing the Illinois resident whose personal |
| 11 | | information has been breached to promptly change his or her |
| 12 | | username or password and security question or answer, as |
| 13 | | applicable, or to take other steps appropriate to protect |
| 14 | | all online accounts for which the resident uses the same |
| 15 | | user name or email address and password or security |
| 16 | | question and answer."; and |
| 17 | | on page 5 by deleting lines 1 through 5; and |
| 18 | | on page 7 by replacing lines 13 through 16 with the following: |
| 19 | | "(1) Any data collector that suffers a breach of the |
| 20 | | security of the data concerning the personal information of |
| 21 | | more than 250 Illinois residents shall provide notice to |
| 22 | | the Attorney General of the"; and |
| 23 | | on page 7, line 24, by replacing "14" with "30"; and |
| 1 | | on page 8 by replacing lines 8 through 10 with the following: |
| 2 | | "personal information that suffers a breach of the security of |
| 3 | | the data concerning the personal information of more than 250 |
| 4 | | Illinois residents shall notify the Attorney"; and |
| 5 | | on page 8, line 21, by changing "14" to "30"; and |
| 6 | | on page 9 by inserting immediately below line 2 the following: |
| 7 | | "(f) A data collector that suffers a breach subject to the |
| 8 | | breach notification standards established pursuant to the |
| 9 | | federal Health Information Technology Act, 42 U.S.C. Section |
| 10 | | 17932, shall be deemed to be in compliance with the provisions |
| 11 | | of this Section if that data collector does the following: (1) |
| 12 | | provides notification to individuals in compliance with the |
| 13 | | federal Health Information Technology Act and implementing |
| 14 | | regulations and (2) provides notification to the Attorney |
| 15 | | General pursuant to subsection (e)."; and |
| 16 | | on page 9 by inserting immediately below line 25 the following: |
| 17 | | "(d) A data collector that is subject to and in compliance |
| 18 | | with the security standards for the protection of electronic |
| 19 | | health information, 45 C.F.R. Parts 160 and 164, established |
| 20 | | pursuant to the federal Health Insurance Portability and |
| 21 | | Accountability Act of 1996 shall be deemed to be in compliance |
| 22 | | with the provisions of this Section. |