093_SB0553sam001
LRB093 10793 MKM 13848 a
1 AMENDMENT TO SENATE BILL 553
2 AMENDMENT NO. . Amend Senate Bill 553 on page 1,
3 immediately below line 5, by inserting the following:
4 "Section 5. Findings. The General Assembly finds that:
5 (a) The Massachusetts Institute of Technology, in a
6 recent study, discovered that many companies and individuals
7 are regularly selling or donating computer hard drives with
8 sensitive information still on them, such as credit card
9 numbers, bank and medical records, and personal e-mail.
10 (b) Illinois currently has no law addressing data
11 security and removal of data from surplus State-owned
12 computers that are to be (i) disposed of by sale, donation,
13 or transfer or (ii) relinquished to a successor executive
14 administration.
15 (c) In order to ensure the protection of sensitive
16 information relating to the State and its citizens, it is
17 necessary to implement policies to (i) overwrite all hard
18 drives of surplus State-owned electronic data processing
19 equipment that are to be sold, donated, or transferred and
20 (ii) preserve the data on State-owned electronic data
21 processing equipment that is to be relinquished to a
22 successor executive administration for the continuity of
23 government functions.
-2- LRB093 10793 MKM 13848 a
1 Section 10. Purpose. The purpose of this Act is to (i)
2 require the Department of Central Management Services or any
3 other authorized agency that disposes of surplus electronic
4 data processing equipment by sale, donation, or transfer to
5 implement a policy mandating that computer hardware be
6 cleared of all data and software before disposal by sale,
7 donation, or transfer and (ii) require the head of each
8 Agency to establish a system for the protection and
9 preservation of State data on State-owned electronic data
10 processing equipment necessary for the continuity of
11 government functions upon relinquishment of the equipment to
12 a successor executive administration.
13 Section 15. Definitions. As used in this Act:
14 "Agency" means all parts, boards, and commissions of the
15 executive branch of State government, including, but not
16 limited to, State colleges and universities and their
17 governing boards and all departments established by the Civil
18 Administrative Code of Illinois.
19 "Disposal by sale, donation, or transfer" includes, but
20 is not limited to, the sale, donation, or transfer of surplus
21 electronic data processing equipment to other agencies,
22 schools, individuals, and not-for-profit agencies.
23 "Electronic data processing equipment" includes, but is
24 not limited to, computer (CPU) mainframes, and any form of
25 magnetic storage media.
26 "Authorized agency" means an agency authorized by the
27 Department of Central Management Services to sell or transfer
28 electronic data processing equipment under Sections 5010.1210
29 and 5010.1220 of Title 44 of the Illinois Administrative
30 Code.
31 "Department" means the Department of Central Management
32 Services.
33 "Overwrite" means the replacement of previously stored
-3- LRB093 10793 MKM 13848 a
1 information with a pre-determined pattern of meaningless
2 information.
3 Section 20. Establishment and implementation. The Data
4 Security on State Computers Act is established to protect
5 sensitive data stored on State-owned electronic data
6 processing equipment to be (i) disposed of by sale, donation,
7 or transfer or (ii) relinquished to a successor executive
8 administration. This Act shall be administered by the
9 Department or an authorized agency. The Department or an
10 authorized agency shall implement a policy to mandate that
11 all hard drives of surplus electronic data processing
12 equipment be cleared of all data and software before being
13 prepared for sale, donation, or transfer by (i) overwriting
14 the previously stored data on a drive or a disk at least 10
15 times and (ii) certifying in writing that the overwriting
16 process has been completed by providing the following
17 information: (1) the serial number of the computer or other
18 surplus electronic data processing equipment; (2) the name of
19 the overwriting software used; and (3) the name, date, and
20 signature of the person performing the overwriting process.
21 The head of each State agency shall establish a system for
22 the protection and preservation of State data on State-owned
23 electronic data processing equipment necessary for the
24 continuity of government functions upon it being relinquished
25 to a successor executive administration.
26 Section 99. Effective date. This Act takes effect upon
27 becoming law.".