103RD GENERAL ASSEMBLY State of Illinois 2023 and 2024 SB0857   Introduced 2/2/2023, by Sen. Don Harmon   SYNOPSIS AS INTRODUCED:   20 ILCS 450/20     Amends the Data Security on State Computers Act. Makes a technical change in a Section concerning the establishment and implementation of the Act. LRB103 03316 RPS 48322 b     A BILL FOR
SB0857 LRB103 03316 RPS 48322 b
1		AN ACT concerning State government.
2		Be it enacted by the People of the State of Illinois,
3		represented in the General Assembly:
4		Section 5. The Data Security on State Computers Act is
5		amended by changing Section 20 as follows:
6		(20 ILCS 450/20)
7		Sec. 20. Establishment and implementation. The The Data
8		Security on State Computers Act is established to protect
9		sensitive data stored on State-owned electronic data
10		processing equipment to be (i) disposed of by sale, donation,
11		or transfer or (ii) relinquished to a successor executive
12		administration. This Act shall be administered by the
13		Department or an authorized agency. The governing board of
14		each public university in this State must implement and
15		administer the provisions of this Act with respect to
16		State-owned electronic data processing equipment utilized by
17		the university. The Department or an authorized agency shall
18		implement a policy to mandate that all hard drives of surplus
19		electronic data processing equipment be erased, wiped,
20		sanitized, or destroyed in a manner that prevents retrieval of
21		sensitive data and software before being sold, donated, or
22		transferred by (i) overwriting the previously stored data on a
23		drive or a disk at least 3 times or physically destroying the

SB0857 - 2 - LRB103 03316 RPS 48322 b
1		hard drive and (ii) certifying in writing that the overwriting
2		process has been completed by providing the following
3		information: (1) the serial number of the computer or other
4		surplus electronic data processing equipment; (2) the name of
5		the overwriting software or physical destruction process used;
6		and (3) the name, date, and signature of the person performing
7		the overwriting or destruction process. The head of each State
8		agency shall establish a system for the protection and
9		preservation of State data on State-owned electronic data
10		processing equipment necessary for the continuity of
11		government functions upon it being relinquished to a successor
12		executive administration.
13		For purposes of this Act and any other State directive
14		requiring the clearing of data and software from State-owned
15		electronic data processing equipment prior to sale, donation,
16		or transfer by the General Assembly or a public university in
17		this State, the General Assembly or the governing board of the
18		university shall have and maintain responsibility for the
19		implementation and administration of the requirements for
20		clearing State-owned electronic data processing equipment
21		utilized by the General Assembly or the university.
22		(Source: P.A. 96-45, eff. 7-15-09; 97-390, eff. 8-15-11.)