103RD GENERAL ASSEMBLY
State of Illinois
2023 and 2024
SB0857

 

Introduced 2/2/2023, by Sen. Don Harmon

 

SYNOPSIS AS INTRODUCED:
 
20 ILCS 450/20

    Amends the Data Security on State Computers Act. Makes a technical change in a Section concerning the establishment and implementation of the Act.


LRB103 03316 RPS 48322 b

 

 

A BILL FOR

 

SB0857LRB103 03316 RPS 48322 b

1    AN ACT concerning State government.
 
2    Be it enacted by the People of the State of Illinois,
3represented in the General Assembly:
 
4    Section 5. The Data Security on State Computers Act is
5amended by changing Section 20 as follows:
 
6    (20 ILCS 450/20)
7    Sec. 20. Establishment and implementation. The The Data
8Security on State Computers Act is established to protect
9sensitive data stored on State-owned electronic data
10processing equipment to be (i) disposed of by sale, donation,
11or transfer or (ii) relinquished to a successor executive
12administration. This Act shall be administered by the
13Department or an authorized agency. The governing board of
14each public university in this State must implement and
15administer the provisions of this Act with respect to
16State-owned electronic data processing equipment utilized by
17the university. The Department or an authorized agency shall
18implement a policy to mandate that all hard drives of surplus
19electronic data processing equipment be erased, wiped,
20sanitized, or destroyed in a manner that prevents retrieval of
21sensitive data and software before being sold, donated, or
22transferred by (i) overwriting the previously stored data on a
23drive or a disk at least 3 times or physically destroying the

 

 

SB0857- 2 -LRB103 03316 RPS 48322 b

1hard drive and (ii) certifying in writing that the overwriting
2process has been completed by providing the following
3information: (1) the serial number of the computer or other
4surplus electronic data processing equipment; (2) the name of
5the overwriting software or physical destruction process used;
6and (3) the name, date, and signature of the person performing
7the overwriting or destruction process. The head of each State
8agency shall establish a system for the protection and
9preservation of State data on State-owned electronic data
10processing equipment necessary for the continuity of
11government functions upon it being relinquished to a successor
12executive administration.
13    For purposes of this Act and any other State directive
14requiring the clearing of data and software from State-owned
15electronic data processing equipment prior to sale, donation,
16or transfer by the General Assembly or a public university in
17this State, the General Assembly or the governing board of the
18university shall have and maintain responsibility for the
19implementation and administration of the requirements for
20clearing State-owned electronic data processing equipment
21utilized by the General Assembly or the university.
22(Source: P.A. 96-45, eff. 7-15-09; 97-390, eff. 8-15-11.)