Sen. Daniel Biss
Filed: 4/10/2015
 
 

 

 

 
09900SB1833sam001LRB099 09064 JLS 33138 a



1
AMENDMENT TO SENATE BILL 1833




2    AMENDMENT NO. ______. Amend Senate Bill 1833 on page 3, 
3line 2, by changing "obtained" to "acquired without 
4authorization"; and
 


5on page 4, line 14, by changing "information" to "information, 
6excluding geolocation information and consumer marketing 
7information,"; and
 


8on page 4 by replacing lines 23 through 25 with the following:


9"not be limited to, information as follows:
10        (1) With respect to personal information as defined in 
11    Section 5 in paragraph (1) of the definition of "personal 
12    information":
13            (A) (i) the toll-free numbers and addresses for 
14        consumer reporting agencies; ,
15            (B) (ii) the toll-free number, address, and 
16        website address for the Federal Trade Commission; , and
 
 
09900SB1833sam001- 2 -LRB099 09064 JLS 33138 a

1            (C) (iii) a statement that the individual can 
2        obtain information from these sources about fraud 
3        alerts and security freezes. 
4        The notification shall not, however, include 
5    information concerning the number of Illinois residents 
6    affected by the breach.
7        (2) With respect to personal information defined in 
8    Section 5 in paragraph (2) of the definition of "personal 
9    information", notice may be provided in electronic or other 
10    form directing the Illinois resident whose personal 
11    information has been breached to promptly change his or her 
12    username or password and security question or answer, as 
13    applicable, or to take other steps appropriate to protect 
14    all online accounts for which the resident uses the same 
15    user name or email address and password or security 
16    question and answer."; and
 
17on page 5 by deleting lines 1 through 5; and
 
18on page 7 by replacing lines 13 through 16 with the following:
19        "(1) Any data collector that suffers a breach of the 
20    security of the data concerning the personal information of 
21    more than 250 Illinois residents shall provide notice to 
22    the Attorney General of the"; and 
 
23on page 7, line 24, by replacing "14" with "30"; and
 
 
 
09900SB1833sam001- 3 -LRB099 09064 JLS 33138 a

1on page 8 by replacing lines 8 through 10 with the following:
2"personal information that suffers a breach of the security of 
3the data concerning the personal information of more than 250 
4Illinois residents shall notify the Attorney"; and 
 
5on page 8, line 21, by changing "14" to "30"; and
 
6on page 9 by inserting immediately below line 2 the following:
7    "(f) A data collector that suffers a breach subject to the 
8breach notification standards established pursuant to the 
9federal Health Information Technology Act, 42 U.S.C. Section 
1017932, shall be deemed to be in compliance with the provisions 
11of this Section if that data collector does the following: (1) 
12provides notification to individuals in compliance with the 
13federal Health Information Technology Act and implementing 
14regulations and (2) provides notification to the Attorney 
15General pursuant to subsection (e)."; and
 
16on page 9 by inserting immediately below line 25 the following:
17    "(d)  A data collector that is subject to and in compliance 
18with the security standards for the protection of electronic 
19health information, 45 C.F.R. Parts 160 and 164, established 
20pursuant to the federal Health Insurance Portability and 
21Accountability Act of 1996 shall be deemed to be in compliance 
22with the provisions of this Section.
 
 
09900SB1833sam001- 4 -LRB099 09064 JLS 33138 a

1    (e) A data collector that is subject to and in compliance 
2with the standards established pursuant to Section 501(b) of 
3the Gramm-Leach-Bliley Act of 1999, 15 U.S.C. Section 6801, 
4shall be deemed to be in compliance with the provisions of this 
5Section.".