Information maintained by the Legislative Reference Bureau
Updating the database of the Illinois Compiled Statutes (ILCS) is an ongoing process. Recent laws may not yet be included in the ILCS database, but they are found on this site as Public Acts soon after they become law. For information concerning the relationship between statutes and Public Acts, refer to the Guide.

Because the statute database is maintained primarily for legislative drafting purposes, statutory changes are sometimes included in the statute database before they take effect. If the source note at the end of a Section of the statutes includes a Public Act that has not yet taken effect, the version of the law that is currently in effect may have already been removed from the database and you should refer to that Public Act to see the changes made to the current law.

GENERAL PROVISIONS
(5 ILCS 179/) Identity Protection Act.

5 ILCS 179/1

    (5 ILCS 179/1)
    Sec. 1. Short title. This Act may be cited as the Identity Protection Act.
(Source: P.A. 96-874, eff. 6-1-10.)

5 ILCS 179/5

    (5 ILCS 179/5)
    Sec. 5. Definitions. In this Act:
    "Identity-protection policy" means any policy created to protect social security numbers from unauthorized disclosure.
    "Local government agency" means that term as it is defined in Section 1-8 of the Illinois State Auditing Act.
    "Person" means any individual in the employ of a State agency or local government agency.
    "Publicly post" or "publicly display" means to intentionally communicate or otherwise intentionally make available to the general public.
    "State agency" means that term as it is defined in Section 1-7 of the Illinois State Auditing Act.
(Source: P.A. 96-874, eff. 6-1-10.)

5 ILCS 179/10

    (5 ILCS 179/10)
    Sec. 10. Prohibited activities.
    (a) Beginning July 1, 2010, no person or State or local government agency may do any of the following:
        (1) Publicly post or publicly display in any manner
    
an individual's social security number.
        (2) Print an individual's social security number on
    
any card required for the individual to access products or services provided by the person or entity.
        (3) Require an individual to transmit his or her
    
social security number over the Internet, unless the connection is secure or the social security number is encrypted.
        (4) Print an individual's social security number on
    
any materials that are mailed to the individual, through the U.S. Postal Service, any private mail service, electronic mail, or any similar method of delivery, unless State or federal law requires the social security number to be on the document to be mailed. Notwithstanding any provision in this Section to the contrary, social security numbers may be included in applications and forms sent by mail, including, but not limited to, any material mailed in connection with the administration of the Unemployment Insurance Act pursuant to the limitations and requirements of that Act, any material mailed in connection with any tax administered by the Department of Revenue, and documents sent as part of an application or enrollment process or to establish, amend, or terminate an account, contract, or policy or to confirm the accuracy of the social security number. A social security number that may permissibly be mailed under this Section may not be printed, in whole or in part, on a postcard or other mailer that does not require an envelope or be visible on an envelope without the envelope having been opened.
    (b) Except as otherwise provided in this Act, beginning July 1, 2010, no person or State or local government agency may do any of the following:
        (1) Collect, use, or disclose a social security
    
number from an individual, unless (i) required to do so under State or federal law, rules, or regulations, or the collection, use, or disclosure of the social security number is otherwise necessary for the performance of that agency's duties and responsibilities; (ii) the need and purpose for the social security number is documented before collection of the social security number; and (iii) the social security number collected is relevant to the documented need and purpose.
        (2) Require an individual to use his or her social
    
security number to access an Internet website.
        (3) Use the social security number for any purpose
    
other than the purpose for which it was collected.
    (c) The prohibitions in subsection (b) do not apply in the following circumstances:
        (1) The disclosure of social security numbers to
    
agents, employees, contractors, or subcontractors of a governmental entity or disclosure by a governmental entity to another governmental entity or its agents, employees, contractors, or subcontractors if disclosure is necessary in order for the entity to perform its duties and responsibilities; and, if disclosing to a contractor or subcontractor, prior to such disclosure, the governmental entity must first receive from the contractor or subcontractor a copy of the contractor's or subcontractor's policy that sets forth how the requirements imposed under this Act on a governmental entity to protect an individual's social security number will be achieved.
        (2) The disclosure of social security numbers
    
pursuant to a court order, warrant, or subpoena.
        (3) The collection, use, or disclosure of social
    
security numbers in order to ensure the safety of: State and local government employees; persons committed to correctional facilities, local jails, and other law-enforcement facilities or retention centers; wards of the State; youth in care as defined in Section 4d of the Children and Family Services Act, and all persons working in or visiting a State or local government agency facility.
        (4) The collection, use, or disclosure of social
    
security numbers for internal verification or administrative purposes.
        (5) The disclosure of social security numbers by a
    
State agency to any entity for the collection of delinquent child support or of any State debt or to a governmental agency to assist with an investigation or the prevention of fraud.
        (6) The collection or use of social security numbers
    
to investigate or prevent fraud, to conduct background checks, to collect a debt, to obtain a credit report from a consumer reporting agency under the federal Fair Credit Reporting Act, to undertake any permissible purpose that is enumerated under the federal Gramm-Leach-Bliley Act, or to locate a missing person, a lost relative, or a person who is due a benefit, such as a pension benefit or an unclaimed property benefit.
    (d) If any State or local government agency has adopted standards for the collection, use, or disclosure of social security numbers that are stricter than the standards under this Act with respect to the protection of those social security numbers, then, in the event of any conflict with the provisions of this Act, the stricter standards adopted by the State or local government agency shall control.
(Source: P.A. 102-26, eff. 6-25-21.)

5 ILCS 179/15

    (5 ILCS 179/15)
    Sec. 15. Public inspection and copying of documents. Notwithstanding any other provision of this Act to the contrary, a person or State or local government agency must comply with the provisions of any other State law with respect to allowing the public inspection and copying of information or documents containing all or any portion of an individual's social security number. A person or State or local government agency must redact social security numbers from the information or documents before allowing the public inspection or copying of the information or documents.
(Source: P.A. 96-874, eff. 6-1-10.)

5 ILCS 179/20

    (5 ILCS 179/20)
    Sec. 20. Applicability.
    (a) This Act does not apply to the collection, use, or disclosure of a social security number as required by State or federal law, rule, or regulation.
    (b) This Act does not apply to documents that are recorded with a county recorder or required to be open to the public under any State or federal law, rule, or regulation, applicable case law, Supreme Court Rule, or the Constitution of the State of Illinois. Notwithstanding this Section, county recorders must comply with Section 35 of this Act.
(Source: P.A. 96-874, eff. 6-1-10.)

5 ILCS 179/25

    (5 ILCS 179/25)
    Sec. 25. Compliance with federal law. If a federal law takes effect requiring any federal agency to establish a national unique patient health identifier program, any State or local government agency that complies with the federal law shall be deemed to be in compliance with this Act.
(Source: P.A. 96-874, eff. 6-1-10.)

5 ILCS 179/30

    (5 ILCS 179/30)
    Sec. 30. Embedded social security numbers. Beginning December 31, 2009, no person or State or local government agency may encode or embed a social security number in or on a card or document, including, but not limited to, using a bar code, chip, magnetic strip, RFID technology, or other technology, in place of removing the social security number as required by this Act.
(Source: P.A. 96-874, eff. 6-1-10.)

5 ILCS 179/35

    (5 ILCS 179/35)
    Sec. 35. Identity-protection policy; local government.
    (a) Each local government agency must draft and approve an identity-protection policy within 12 months after the effective date of this Act. The policy must do all of the following:
        (1) Identify this Act.
        (2) Require all employees of the local government
    
agency identified as having access to social security numbers in the course of performing their duties to be trained to protect the confidentiality of social security numbers. Training should include instructions on the proper handling of information that contains social security numbers from the time of collection through the destruction of the information.
        (3) Direct that only employees who are required to
    
use or handle information or documents that contain social security numbers have access to such information or documents.
        (4) Require that social security numbers requested
    
from an individual be provided in a manner that makes the social security number easily redacted if required to be released as part of a public records request.
        (5) Require that, when collecting a social security
    
number or upon request by the individual, a statement of the purpose or purposes for which the agency is collecting and using the social security number be provided.
    (b) Each local government agency must file a written copy of its privacy policy with the governing board of the unit of local government within 30 days after approval of the policy. Each local government agency must advise its employees of the existence of the policy and make a copy of the policy available to each of its employees, and must also make its privacy policy available to any member of the public, upon request. If a local government agency amends its privacy policy, then that agency must file a written copy of the amended policy with the appropriate entity and must also advise its employees of the existence of the amended policy and make a copy of the amended policy available to each of its employees.
    (c) Each local government agency must implement the components of its identity-protection policy that are necessary to meet the requirements of this Act within 12 months after the date the identity-protection policy is approved. This subsection (c) shall not affect the requirements of Section 10 of this Act.
(Source: P.A. 96-874, eff. 6-1-10.)

5 ILCS 179/37

    (5 ILCS 179/37)
    Sec. 37. Identity-protection policy; State.
    (a) Each State agency must draft and approve an identity-protection policy within 12 months after the effective date of this Act. The policy must do all of the following:
        (1) Identify this Act.
        (2) Require all employees of the State agency
    
identified as having access to social security numbers in the course of performing their duties to be trained to protect the confidentiality of social security numbers. Training should include instructions on proper handling of information that contains social security numbers from the time of collection through the destruction of the information.
        (3) Direct that only employees who are required to
    
use or handle information or documents that contain social security numbers have access to such information or documents.
        (4) Require that social security numbers requested
    
from an individual be placed in a manner that makes the social security number easily redacted if required to be released as part of a public records request.
        (5) Require that, when collecting a social security
    
number or upon request by the individual, a statement of the purpose or purposes for which the agency is collecting and using the social security number be provided.
    (b) Each State agency must provide a copy of its identity-protection policy to the Social Security Number Protection Task Force within 30 days after the approval of the policy.
    (c) Each State agency must implement the components of its identity-protection policy that are necessary to meet the requirements of this Act within 12 months after the date the identity-protection policy is approved. This subsection (c) shall not affect the requirements of Section 10 of this Act.
(Source: P.A. 96-874, eff. 6-1-10.)

5 ILCS 179/40

    (5 ILCS 179/40)
    Sec. 40. Judicial branch and clerks of courts. The judicial branch and clerks of the circuit court are not subject to the provisions of this Act, except that the Supreme Court shall, under its rulemaking authority or by administrative order, adopt requirements applicable to the judicial branch, including clerks of the circuit court, regulating the disclosure of social security numbers consistent with the intent of this Act and the unique circumstances relevant in the judicial process.
(Source: P.A. 96-874, eff. 6-1-10.)

5 ILCS 179/45

    (5 ILCS 179/45)
    Sec. 45. Violation. Any person who intentionally violates the prohibitions in Section 10 of this Act is guilty of a Class B misdemeanor.
(Source: P.A. 96-874, eff. 6-1-10.)

5 ILCS 179/50

    (5 ILCS 179/50)
    Sec. 50. Home rule. A home rule unit of local government, any non-home rule municipality, or any non-home rule county may regulate the use of social security numbers, but that regulation must be no less restrictive than this Act. This Act is a limitation under subsection (i) of Section 6 of Article VII of the Illinois Constitution on the concurrent exercise by home rule units of powers and functions exercised by the State.
(Source: P.A. 96-874, eff. 6-1-10.)

5 ILCS 179/55

    (5 ILCS 179/55)
    Sec. 55. This Act does not supersede any more restrictive law, rule, or regulation regarding the collection, use, or disclosure of social security numbers.
(Source: P.A. 96-874, eff. 6-1-10.)

5 ILCS 179/90

    (5 ILCS 179/90)
    Sec. 90. (Amendatory provisions; text omitted).
(Source: P.A. 96-874, eff. 6-1-10; text omitted.)