
Recent Amendments to the Illinois Personal Information Protection Act

March 3, 2017

The threat of the theft or accidental disclosure of electronic personal information is on the rise. On January 1, 2017, new legislation went into effect amending the Illinois Personal Information Protection Act (the “Act”) to expand the definition of protected personal information and increase certain security and notification requirements for data breaches. Important amendments to the Act include:

  1. Expanded definition of “Personal Information” for which notice of a breach is required to include certain medical and online account information. The definition of “Personal Information” includes an individual’s first name or first initial and last name and any of the following:
     1. social security number;
     2. driver’s license or State identification card number;
     3. account number or credit or debit card number, or an account number or credit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account;
     4. medical information (including any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a healthcare professional, including such information provided to a website or mobile application);
     5. health insurance information (including an individual’s health insurance policy number or subscriber identification number or any other unique identifier); and
     6. unique biometric data generated from measurements or technical analysis of human body characteristics used by the owner or licensee to authenticate an individual, such as a fingerprint, retina or iris image, or other unique physical representation or digital representation of biometric data.

     The definition of “Personal Information” also includes an individual’s user name or email address in combination with a password or security question and answer that would permit access to an online account.

  2. Expanded Notification Requirements. If a security breach involves an individual’s user name or email address, in addition to a password or security question answer that can allow access to an online account, notice is required to inform the individual that his account information has been breached and that he should promptly change his user name or password and security question or answer, as applicable, or take other steps appropriate to protect all online accounts for which the individual uses the same user name or email address and password or security question and answer.
  3. Expanded Data Security Requirements for Data Collectors. Any data collector that owns, maintains, stores, or licenses records that contain Personal Information must implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification, or disclosure.
  4. Compliance with HIPAA. The Act also provides that any covered entity or business associate that is subject to and in compliance with the privacy and security standards for the protection of electronic health information established pursuant to the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act shall be deemed to be in compliance with the provisions of the Act, provided that notification of a breach is provided to the Illinois Attorney General within five business days of notifying the Secretary of Health and Human Services.

If you have any questions regarding the Personal Information Protection Act’s application to your business or your obligations under the Act, please contact:

Kristen E. O’Neill at:

koneill@levinginsburg.com or 312-368-0100.
