Illinois Senate Judiciary Committee members advanced a bill on Tuesday that would strengthen the state's data-breach notification law, Illinois Attorney General Lisa Madigan said.
Senate Bill 1833 is sponsored by state Sen. Dan Biss (D-Dist 9) and was advanced by the committee unanimously.
“Ten years ago, we passed a notification law that made Illinois a national leader in alerting people when their personal information was compromised or stolen,” Madigan said. “Since then, the type and amount of personal information being collected and shared has greatly expanded. As we spend more time online and (rely) on technology, we must update our laws to reflect that new reality.”
The Personal Information Protection Act passed in 2005 with the support of Madigan, and she helped draft SB 1833, which would amend the law. When the law was enacted 10 years ago, it made Illinois one of the first states in the country to require businesses and other entities to notify Illinois residents in the event of a data breach that includes residents' drivers' license numbers, financial account information and/or Social Security numbers.
Under the changes, the bill would expand that list to include breaches involving medical information, geo-location information, biometric data, contact information, sensitive consumer marketing data and log-in credentials for online accounts. Businesses and other entities that hold the sensitive information would be required to take “reasonable” steps to protect the information, Madigan said.