Full Text of HB3916 96th General Assembly
HB3916 96TH GENERAL ASSEMBLY
|
|
|
96TH GENERAL ASSEMBLY
State of Illinois
2009 and 2010 HB3916
Introduced 2/26/2009, by Rep. Frank J. Mautino SYNOPSIS AS INTRODUCED: |
|
20 ILCS 450/15 |
|
20 ILCS 450/17 new |
|
20 ILCS 450/20 |
|
|
Amends the Data Security on State Computers Act. Provides that the definition of "Agency" does not include public universities or their governing boards. Provides that the Act does not apply to the legislative branch of State government, the Office of the Lieutenant Governor, the Office of the Attorney General, the Office of the Secretary of State, the Office of the State Comptroller, or the Office of the State Treasurer. Requires the governing board of each public university in this State to implement and administer the provisions of the Act with respect to State-owned electronic data processing equipment utilized by the university. Provides that the governing board shall implement a policy to mandate that all hard drives of surplus electronic data processing equipment be cleared of all data and software before being prepared for sale, donation, or transfer by following certain requirements. For purposes of the Act and any other State directive requiring the clearing of data and software from State-owned electronic data processing equipment prior to sale, donation, or transfer by a public university, provides that the governing board of the university shall have and maintain responsibility for the implementation and administration of the requirements for clearing State-owned electronic data processing equipment utilized by the university. Effective immediately.
|
| |
|
|
| FISCAL NOTE ACT MAY APPLY | |
|
|
A BILL FOR
|
|
|
|
|
HB3916 |
|
LRB096 11724 NHT 22446 b |
|
| 1 |
| AN ACT concerning data security.
| 2 |
| Be it enacted by the People of the State of Illinois,
| 3 |
| represented in the General Assembly:
| 4 |
| Section 5. The Data Security on State Computers Act is | 5 |
| amended by changing Sections 15 and 20 and by adding Section 17 | 6 |
| as follows:
| 7 |
| (20 ILCS 450/15)
| 8 |
| Sec. 15. Definitions. As used in this Act:
| 9 |
| "Agency" means all parts, boards, and commissions of the | 10 |
| executive
branch of State government , other than public | 11 |
| universities or their governing boards , including, but not | 12 |
| limited to, State colleges and
universities and their governing | 13 |
| boards and all departments established by the
Civil | 14 |
| Administrative Code of Illinois.
| 15 |
| "Disposal by sale, donation, or transfer" includes, but is | 16 |
| not limited to,
the
sale, donation, or
transfer
of surplus | 17 |
| electronic data processing equipment to other agencies, | 18 |
| schools,
individuals, and
not-for-profit agencies.
| 19 |
| "Electronic data processing equipment" includes, but is | 20 |
| not limited to,
computer (CPU) mainframes, and any form of | 21 |
| magnetic storage media.
| 22 |
| "Authorized agency" means an agency authorized by the | 23 |
| Department of
Central Management Services to sell or transfer |
|
|
|
HB3916 |
- 2 - |
LRB096 11724 NHT 22446 b |
|
| 1 |
| electronic data processing
equipment under Sections 5010.1210 | 2 |
| and 5010.1220 of Title 44 of the Illinois
Administrative Code.
| 3 |
| "Department" means the Department of Central Management | 4 |
| Services.
| 5 |
| "Overwrite" means the replacement of previously stored | 6 |
| information with
a pre-determined pattern of meaningless | 7 |
| information.
| 8 |
| (Source: P.A. 93-306, eff. 7-23-03.)
| 9 |
| (20 ILCS 450/17 new) | 10 |
| Sec. 17. Exemption from Act. This Act does not apply to the | 11 |
| legislative branch of State government, the Office of the | 12 |
| Lieutenant Governor, the Office of the Attorney General, the | 13 |
| Office of the Secretary of State, the Office of the State | 14 |
| Comptroller, or the Office of the State Treasurer.
| 15 |
| (20 ILCS 450/20)
| 16 |
| Sec. 20. Establishment and implementation. The Data | 17 |
| Security on
State Computers Act is established to protect | 18 |
| sensitive data stored on
State-owned electronic data | 19 |
| processing equipment to be (i) disposed of by
sale, donation, | 20 |
| or
transfer or (ii) relinquished to a successor executive | 21 |
| administration. This Act
shall be administered by the | 22 |
| Department or an authorized
agency. The governing board of each | 23 |
| public university in this State must implement and administer | 24 |
| the provisions of this Act with respect to State-owned |
|
|
|
HB3916 |
- 3 - |
LRB096 11724 NHT 22446 b |
|
| 1 |
| electronic data processing equipment utilized by the | 2 |
| university. The Department or an authorized agency shall
| 3 |
| implement a policy
to mandate that all hard drives of surplus | 4 |
| electronic data processing equipment
be cleared of all data and | 5 |
| software before being prepared for sale, donation,
or transfer
| 6 |
| by
(i) overwriting the previously stored data on a drive or a | 7 |
| disk at least 10
times
and (ii)
certifying in writing that the | 8 |
| overwriting process has been completed by
providing
the | 9 |
| following information: (1) the serial number of the computer or | 10 |
| other
surplus
electronic data processing equipment; (2) the | 11 |
| name of the overwriting software
used; and (3) the name, date, | 12 |
| and signature of the person performing the
overwriting process.
| 13 |
| The head of each State agency shall
establish a system for the | 14 |
| protection and preservation of State
data on State-owned | 15 |
| electronic data processing equipment necessary for the
| 16 |
| continuity of
government functions upon it being relinquished | 17 |
| to a successor executive
administration.
| 18 |
| For purposes of this Act and any other State directive | 19 |
| requiring the clearing of data and software from State-owned | 20 |
| electronic data processing equipment prior to sale, donation, | 21 |
| or transfer by the General Assembly or a public university in | 22 |
| this State, the General Assembly or the governing board of the | 23 |
| university shall have and maintain responsibility for the | 24 |
| implementation and administration of the requirements for | 25 |
| clearing State-owned electronic data processing equipment | 26 |
| utilized by the General Assembly or the university. |
|
|
|
HB3916 |
- 4 - |
LRB096 11724 NHT 22446 b |
|
| 1 |
| (Source: P.A. 93-306, eff. 7-23-03.)
| 2 |
| Section 99. Effective date. This Act takes effect upon | 3 |
| becoming law.
|
|