|
|
|
|
94TH GENERAL ASSEMBLY
State of Illinois
2005 and 2006
SB0209
Introduced 2/2/2005, by Sen. Martin A. Sandoval SYNOPSIS AS INTRODUCED:
|
|
|
|
Creates the Personal Information Protection Act. Requires each financial institution to provide an annual disclosure statement to all persons for which the financial institution maintains unencrypted personal information concerning measures the financial institution has taken to prevent (i) a breach of the security system and (ii) any unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the financial institution. Requires each financial institution to maintain duplicate records of all computerized data at a back-up site located at least 90 miles from the primary site at which the data is stored. Provides that the effectiveness of the back-up site shall be tested annually and requires the results of that test to be included in the annual disclosure statement.
|
| |
|
|
|
|
A BILL FOR
|
|
|
|
|
SB0209 |
|
LRB094 05727 MKM 35779 b |
|
|
| 1 |
| AN ACT concerning regulation.
|
| 2 |
| Be it enacted by the People of the State of Illinois,
|
| 3 |
| represented in the General Assembly:
|
| 4 |
| Section 1. Short title. This Act may be cited as the |
| 5 |
| Personal Information Protection Act.
|
| 6 |
| Section 5. Definitions. As used in this Act: |
| 7 |
| "Financial institution" means (i) any bank subject to the |
| 8 |
| Illinois
Banking
Act, any savings bank subject to the Savings |
| 9 |
| Bank Act, any savings and
loan association subject to the |
| 10 |
| Illinois Savings and Loan Act of 1985, or any
credit union |
| 11 |
| subject to the Illinois Credit Union Act; (ii) any
federally |
| 12 |
| chartered commercial bank, savings bank, savings and loan
|
| 13 |
| association, or credit union organized and operated in this |
| 14 |
| State under the
laws of the United
States; and (iii) any |
| 15 |
| business corporation, limited liability company,
business |
| 16 |
| trust, partnership, joint venture, or other entity that is |
| 17 |
| directly or
indirectly at least 50% owned by or commonly owned |
| 18 |
| with a financial
institution. |
| 19 |
| "Personal information" means a person's first name or first |
| 20 |
| initial and last name in combination with any one or more of |
| 21 |
| the following data elements, when either the name or the data |
| 22 |
| elements are not encrypted: |
| 23 |
| (1) social security number; |
| 24 |
| (2) driver's license number or state identification |
| 25 |
| card number; or |
| 26 |
| (3) account number, credit or debit card number, in |
| 27 |
| combination with any required security code, access code, |
| 28 |
| or password that would permit access to a financial |
| 29 |
| account. |
| 30 |
| "Personal information" does not include information that is |
| 31 |
| lawfully made available to the public from federal, State, or |
| 32 |
| local government records.
|