| ||||
| Public Act 097-0390 | ||||
| ||||
| ||||
AN ACT concerning State government.
| ||||
Be it enacted by the People of the State of Illinois,
| ||||
represented in the General Assembly:
| ||||
Section 5. The Data Security on State Computers Act is | ||||
amended by changing Section 20 as follows:
| ||||
(20 ILCS 450/20)
| ||||
Sec. 20. Establishment and implementation. The Data | ||||
Security on
State Computers Act is established to protect | ||||
sensitive data stored on
State-owned electronic data | ||||
processing equipment to be (i) disposed of by
sale, donation, | ||||
or
transfer or (ii) relinquished to a successor executive | ||||
administration. This Act
shall be administered by the | ||||
Department or an authorized
agency. The governing board of each | ||||
public university in this State must implement and administer | ||||
the provisions of this Act with respect to State-owned | ||||
electronic data processing equipment utilized by the | ||||
university. The Department or an authorized agency shall
| ||||
implement a policy
to mandate that all hard drives of surplus | ||||
electronic data processing equipment
be erased, wiped, | ||||
sanitized, or destroyed in a manner that prevents retrieval of | ||||
sensitive cleared of all data and software before being sold, | ||||
donated, or transferred prepared for sale, donation,
or | ||||
transfer
by
(i) overwriting the previously stored data on a | ||||
drive or a disk at least 3 10
times
or physically destroying | ||
the hard drive and (ii)
certifying in writing that the | ||
overwriting process has been completed by
providing
the | ||
following information: (1) the serial number of the computer or | ||
other
surplus
electronic data processing equipment; (2) the | ||
name of the overwriting software or physical destruction | ||
process
used; and (3) the name, date, and signature of the | ||
person performing the
overwriting or destruction process.
The | ||
head of each State agency shall
establish a system for the | ||
protection and preservation of State
data on State-owned | ||
electronic data processing equipment necessary for the
| ||
continuity of
government functions upon it being relinquished | ||
to a successor executive
administration.
| ||
For purposes of this Act and any other State directive | ||
requiring the clearing of data and software from State-owned | ||
electronic data processing equipment prior to sale, donation, | ||
or transfer by the General Assembly or a public university in | ||
this State, the General Assembly or the governing board of the | ||
university shall have and maintain responsibility for the | ||
implementation and administration of the requirements for | ||
clearing State-owned electronic data processing equipment | ||
utilized by the General Assembly or the university. | ||
(Source: P.A. 96-45, eff. 7-15-09.)
| ||
Section 99. Effective date. This Act takes effect upon | ||
becoming law.
| ||