Illinois Attorney General Lisa Madigan is looking to expand the state’s law on data breaches. Madigan has drafted legislation adding new requirements to the 2005 Personal Information and Protection Act. While the original law said companies had to notify Illinois residents if drivers’ licenses, social security numbers or financial accounts were exposed by a data breach, Madigan says that doesn’t cover everything identity thieves are going after nowadays.
Click here for summary
“That would include an e-mail address and your login, your password,” Madigan said. “Health insurance information, biometric information, geolocation information, that can obviously be harmful.”
The bill doesn’t set a timeline for when companies have to notify the attorney general’s office or Illinois residents after suffering a breach, but entities holding sensitive information would be required to take “reasonable steps” to protect it.
The bill is being sponsored in the Illinois Senate by State Sen. Daniel Biss (D-Evanston) and in the House by State Rep. Ann Williams (D-Chicago).