Full Text of HB4890 95th General Assembly
HB4890 95TH GENERAL ASSEMBLY
|
|
|
95TH GENERAL ASSEMBLY
State of Illinois
2007 and 2008 HB4890
Introduced , by Rep. Richard P. Myers SYNOPSIS AS INTRODUCED: |
|
20 ILCS 450/15 |
|
20 ILCS 450/20 |
|
|
Amends the Data Security on State Computers Act. Provides that the definition of "Agency" does not include public universities or their governing boards. Requires the governing board of each public university in this State to implement and administer the provisions of the Act with respect to State-owned electronic data processing equipment utilized by the university. Provides that the governing board shall implement a policy to mandate that all hard drives of surplus electronic data processing equipment be cleared of all data and software before being prepared for sale, donation, or transfer by following certain requirements. For purposes of the Act and any other State directive requiring the clearing of data and software from State-owned electronic data processing equipment prior to sale, donation, or transfer by a public university, provides that the governing board of the university shall have and maintain responsibility for the implementation and administration of the requirements for clearing State-owned electronic data processing equipment utilized by the university. Effective immediately.
|
| |
|
|
| FISCAL NOTE ACT MAY APPLY | |
|
|
A BILL FOR
|
|
|
|
|
HB4890 |
|
LRB095 17105 NHT 44889 b |
|
| 1 |
| AN ACT concerning education.
| 2 |
| Be it enacted by the People of the State of Illinois,
| 3 |
| represented in the General Assembly:
| 4 |
| Section 5. The Data Security on State Computers Act is | 5 |
| amended by changing Sections 15 and 20 as follows:
| 6 |
| (20 ILCS 450/15)
| 7 |
| Sec. 15. Definitions. As used in this Act:
| 8 |
| "Agency" means all parts, boards, and commissions of the | 9 |
| executive
branch of State government , other than public | 10 |
| universities or their governing boards , including, but not | 11 |
| limited to, State colleges and
universities and their governing | 12 |
| boards and all departments established by the
Civil | 13 |
| Administrative Code of Illinois.
| 14 |
| "Disposal by sale, donation, or transfer" includes, but is | 15 |
| not limited to,
the
sale, donation, or
transfer
of surplus | 16 |
| electronic data processing equipment to other agencies, | 17 |
| schools,
individuals, and
not-for-profit agencies.
| 18 |
| "Electronic data processing equipment" includes, but is | 19 |
| not limited to,
computer (CPU) mainframes, and any form of | 20 |
| magnetic storage media.
| 21 |
| "Authorized agency" means an agency authorized by the | 22 |
| Department of
Central Management Services to sell or transfer | 23 |
| electronic data processing
equipment under Sections 5010.1210 |
|
|
|
HB4890 |
- 2 - |
LRB095 17105 NHT 44889 b |
|
| 1 |
| and 5010.1220 of Title 44 of the Illinois
Administrative Code.
| 2 |
| "Department" means the Department of Central Management | 3 |
| Services.
| 4 |
| "Overwrite" means the replacement of previously stored | 5 |
| information with
a pre-determined pattern of meaningless | 6 |
| information.
| 7 |
| (Source: P.A. 93-306, eff. 7-23-03.)
| 8 |
| (20 ILCS 450/20)
| 9 |
| Sec. 20. Establishment and implementation. The Data | 10 |
| Security on
State Computers Act is established to protect | 11 |
| sensitive data stored on
State-owned electronic data | 12 |
| processing equipment to be (i) disposed of by
sale, donation, | 13 |
| or
transfer or (ii) relinquished to a successor executive | 14 |
| administration. This Act
shall be administered by the | 15 |
| Department or an authorized
agency. The governing board of each | 16 |
| public university in this State must implement and administer | 17 |
| the provisions of this Act with respect to State-owned | 18 |
| electronic data processing equipment utilized by the | 19 |
| university. The Department or an authorized agency shall
| 20 |
| implement a policy
to mandate that all hard drives of surplus | 21 |
| electronic data processing equipment
be cleared of all data and | 22 |
| software before being prepared for sale, donation,
or transfer
| 23 |
| by
(i) overwriting the previously stored data on a drive or a | 24 |
| disk at least 10
times
and (ii)
certifying in writing that the | 25 |
| overwriting process has been completed by
providing
the |
|
|
|
HB4890 |
- 3 - |
LRB095 17105 NHT 44889 b |
|
| 1 |
| following information: (1) the serial number of the computer or | 2 |
| other
surplus
electronic data processing equipment; (2) the | 3 |
| name of the overwriting software
used; and (3) the name, date, | 4 |
| and signature of the person performing the
overwriting process.
| 5 |
| The head of each State agency shall
establish a system for the | 6 |
| protection and preservation of State
data on State-owned | 7 |
| electronic data processing equipment necessary for the
| 8 |
| continuity of
government functions upon it being relinquished | 9 |
| to a successor executive
administration.
| 10 |
| For purposes of this Act and any other State directive | 11 |
| requiring the clearing of data and software from State-owned | 12 |
| electronic data processing equipment prior to sale, donation, | 13 |
| or transfer by a public university in this State, the governing | 14 |
| board of the university shall have and maintain responsibility | 15 |
| for the implementation and administration of the requirements | 16 |
| for clearing State-owned electronic data processing equipment | 17 |
| utilized by the university. | 18 |
| (Source: P.A. 93-306, eff. 7-23-03.)
| 19 |
| Section 99. Effective date. This Act takes effect upon | 20 |
| becoming law.
|
|