(215 ILCS 215/15) (This Section may contain text from a Public Act with a delayed effective date)
Sec. 15. Investigation of a cybersecurity event.
(a) If the licensee learns that a cybersecurity event has occurred or may have occurred, the licensee, or an outside vendor or service provider designated to act on behalf of the licensee, shall conduct a prompt investigation.
(b) During the investigation the licensee, or an outside vendor or service provider designated to act on behalf of the licensee, shall, at a minimum, comply with as many of the following as possible:
(1) determine whether a cybersecurity event has occurred;
(2) assess the nature and scope of the cybersecurity event;
(3) identify any nonpublic information that may have been involved in the
(4) perform or oversee reasonable measures to restore the security of the information systems compromised in the cybersecurity event in order to prevent further unauthorized acquisition, release, or use of nonpublic information in the licensee's possession, custody, or control.
(c) If the licensee learns that a cybersecurity event has occurred or may have occurred in a system maintained by a third-party service provider, the licensee will complete the steps listed in subsection (b) or confirm and document that the third-party service provider has completed those steps.
(d) The licensee shall maintain records concerning all cybersecurity events for a period of at least 5 years from the date of the cybersecurity event and shall produce those records upon demand of the Director.
(Source: P.A. 103-142, eff. 1-1-24.)