Bill Status of HB 3040   102nd General Assembly


Short Description:  INSURANCE DATA SECURITY ACT

House Sponsors
Rep. Keith R. Wheeler

Last Action  View All Actions

DateChamber Action
  1/10/2023HouseSession Sine Die

Statutes Amended In Order of Appearance
New Act
5 ILCS 140/7.5

Synopsis As Introduced
Creates the Insurance Data Security Act. Requires any person licensed, authorized to operate, or registered as an insurer in accordance with the insurance laws of this State to conduct a risk assessment of cybersecurity threats, implement appropriate security measures, and no less than annually assess the effectiveness of the safeguards' key controls, systems, and procedures. Requires a licensee to develop, implement, and maintain a written information security program based on the licensee's risk assessment. Requires each licensee to establish a written incident response plan designed to promptly respond to, and recover from, any cybersecurity event that compromises the confidentiality, integrity, or availability of nonpublic information in its possession, the licensee's information systems, or the continuing functionality of any aspect of the licensee's business or operations. Requires licensees domiciled in this State to annually submit a written certification of compliance to the Director of Insurance. Provides that a licensee shall notify the Director as promptly as possible, but not later than 72 hours from a determination that a cybersecurity event has occurred in specified circumstances. Provides standards and procedures for risk management, data security, and notification and investigation of cybersecurity events resulting in unauthorized access to, disruption of, or misuse of nonpublic data. Provides that the Director has the power to examine and investigate to determine whether a licensee has been or is engaged in any conduct in violation of the Act. Grants the Department of Insurance rulemaking authority to implement the Act. Provides that any documents, materials, or other information obtained pursuant to the Act is confidential by law and privileged, is not subject to the Freedom of Information Act, is not subject to subpoena, and is not subject to discovery or admissible in evidence in any private civil action. Makes a conforming change in the Freedom of Information Act. Defines terms. Effective January 1, 2022.

Actions 
DateChamber Action
  2/18/2021HouseFiled with the Clerk by Rep. Keith R. Wheeler
  2/19/2021HouseFirst Reading
  2/19/2021HouseReferred to Rules Committee
  3/16/2021HouseAssigned to Cybersecurity, Data Analytics, & IT Committee
  3/27/2021HouseRule 19(a) / Re-referred to Rules Committee
  1/10/2023HouseSession Sine Die

Back To Top