HB4890 Engrossed LRB095 17105 NHT 44889 b

1     AN ACT concerning education.
 
2     Be it enacted by the People of the State of Illinois,
3 represented in the General Assembly:
 
4     Section 5. The Data Security on State Computers Act is
5 amended by changing Sections 15 and 20 and by adding Section 17
6 as follows:
 
7     (20 ILCS 450/15)
8     Sec. 15. Definitions. As used in this Act:
9     "Agency" means all parts, boards, and commissions of the
10 executive branch of State government, other than public
11 universities or their governing boards, including, but not
12 limited to, State colleges and universities and their governing
13 boards and all departments established by the Civil
14 Administrative Code of Illinois.
15     "Disposal by sale, donation, or transfer" includes, but is
16 not limited to, the sale, donation, or transfer of surplus
17 electronic data processing equipment to other agencies,
18 schools, individuals, and not-for-profit agencies.
19     "Electronic data processing equipment" includes, but is
20 not limited to, computer (CPU) mainframes, and any form of
21 magnetic storage media.
22     "Authorized agency" means an agency authorized by the
23 Department of Central Management Services to sell or transfer

 

 

HB4890 Engrossed - 2 - LRB095 17105 NHT 44889 b

1 electronic data processing equipment under Sections 5010.1210
2 and 5010.1220 of Title 44 of the Illinois Administrative Code.
3     "Department" means the Department of Central Management
4 Services.
5     "Overwrite" means the replacement of previously stored
6 information with a pre-determined pattern of meaningless
7 information.
8 (Source: P.A. 93-306, eff. 7-23-03.)
 
9     (20 ILCS 450/17 new)
10     Sec. 17. Exemption from Act. This Act does not apply to the
11 legislative branch of State government, the Office of the
12 Lieutenant Governor, the Office of the Attorney General, the
13 Office of the Secretary of State, the Office of the State
14 Comptroller, or the Office of the State Treasurer.
 
15     (20 ILCS 450/20)
16     Sec. 20. Establishment and implementation. The Data
17 Security on State Computers Act is established to protect
18 sensitive data stored on State-owned electronic data
19 processing equipment to be (i) disposed of by sale, donation,
20 or transfer or (ii) relinquished to a successor executive
21 administration. This Act shall be administered by the
22 Department or an authorized agency. The governing board of each
23 public university in this State must implement and administer
24 the provisions of this Act with respect to State-owned

 

 

HB4890 Engrossed - 3 - LRB095 17105 NHT 44889 b

1 electronic data processing equipment utilized by the
2 university. The Department or an authorized agency shall
3 implement a policy to mandate that all hard drives of surplus
4 electronic data processing equipment be cleared of all data and
5 software before being prepared for sale, donation, or transfer
6 by (i) overwriting the previously stored data on a drive or a
7 disk at least 10 times and (ii) certifying in writing that the
8 overwriting process has been completed by providing the
9 following information: (1) the serial number of the computer or
10 other surplus electronic data processing equipment; (2) the
11 name of the overwriting software used; and (3) the name, date,
12 and signature of the person performing the overwriting process.
13 The head of each State agency shall establish a system for the
14 protection and preservation of State data on State-owned
15 electronic data processing equipment necessary for the
16 continuity of government functions upon it being relinquished
17 to a successor executive administration.
18     For purposes of this Act and any other State directive
19 requiring the clearing of data and software from State-owned
20 electronic data processing equipment prior to sale, donation,
21 or transfer by the General Assembly or a public university in
22 this State, the General Assembly or the governing board of the
23 university shall have and maintain responsibility for the
24 implementation and administration of the requirements for
25 clearing State-owned electronic data processing equipment
26 utilized by the General Assembly or the university.

 

 

HB4890 Engrossed - 4 - LRB095 17105 NHT 44889 b

1 (Source: P.A. 93-306, eff. 7-23-03.)
 
2     Section 99. Effective date. This Act takes effect upon
3 becoming law.