Public Act 097-0390
 
SB1862 Enrolled    LRB097 08343 PJG 48470 b

    AN ACT concerning State government.
 
    Be it enacted by the People of the State of Illinois,
represented in the General Assembly:
 
    Section 5. The Data Security on State Computers Act is
amended by changing Section 20 as follows:
 
    (20 ILCS 450/20)
    Sec. 20. Establishment and implementation. The Data
Security on State Computers Act is established to protect
sensitive data stored on State-owned electronic data
processing equipment to be (i) disposed of by sale, donation,
or transfer or (ii) relinquished to a successor executive
administration. This Act shall be administered by the
Department or an authorized agency. The governing board of each
public university in this State must implement and administer
the provisions of this Act with respect to State-owned
electronic data processing equipment utilized by the
university. The Department or an authorized agency shall
implement a policy to mandate that all hard drives of surplus
electronic data processing equipment be erased, wiped,
sanitized, or destroyed in a manner that prevents retrieval of
sensitive [stricken: cleared of all] data and software before being sold,
donated, or transferred [stricken: prepared for sale, donation, or
transfer] by (i) overwriting the previously stored data on a
drive or a disk at least 3 [stricken: 10] times or physically destroying
the hard drive and (ii) certifying in writing that the
overwriting process has been completed by providing the
following information: (1) the serial number of the computer or
other surplus electronic data processing equipment; (2) the
name of the overwriting software or physical destruction
process used; and (3) the name, date, and signature of the
person performing the overwriting or destruction process. The
head of each State agency shall establish a system for the
protection and preservation of State data on State-owned
electronic data processing equipment necessary for the
continuity of government functions upon it being relinquished
to a successor executive administration.
    For purposes of this Act and any other State directive
requiring the clearing of data and software from State-owned
electronic data processing equipment prior to sale, donation,
or transfer by the General Assembly or a public university in
this State, the General Assembly or the governing board of the
university shall have and maintain responsibility for the
implementation and administration of the requirements for
clearing State-owned electronic data processing equipment
utilized by the General Assembly or the university.
(Source: P.A. 96-45, eff. 7-15-09.)
 
    Section 99. Effective date. This Act takes effect upon
becoming law.