Bill Amendment: IL SB0707 | 2017-2018 | 100th General Assembly
NOTE: For additional amemendments please see the Bill Drafting List
Bill Title: PERSONAL INFO PRTCT AGENCY RPT
Status: 2017-08-25 - Public Act . . . . . . . . . 100-0412 [SB0707 Detail]
Download: Illinois-2017-SB0707-Senate_Amendment_001.html
Bill Title: PERSONAL INFO PRTCT AGENCY RPT
Status: 2017-08-25 - Public Act . . . . . . . . . 100-0412 [SB0707 Detail]
Download: Illinois-2017-SB0707-Senate_Amendment_001.html
| |||||||
| |||||||
| |||||||
| 1 | AMENDMENT TO SENATE BILL 707
| ||||||
| 2 | AMENDMENT NO. ______. Amend Senate Bill 707 on page 5, line | ||||||
| 3 | 12, by changing "or" to "concerning more than 250 Illinois | ||||||
| 4 | residents or"; and
| ||||||
| 5 | on page 5, line 18, by changing "45" to "60"; and
| ||||||
| 6 | on page 5, line 20, by changing "or" to "concerning more than | ||||||
| 7 | 250 Illinois residents or"; and
| ||||||
| 8 | on page 6, by replacing lines 3 through 5 with the following:
| ||||||
| 9 | "(iii) a description of the attack; and | ||||||
| 10 | (iv) an overview of corrective and preventative"; and
| ||||||
| 11 | on page 6, line 8, by deleting "immediately"; and
| ||||||
| 12 | on page 6, line 15, by changing "indefinitely" to "for a period | ||||||
| 13 | of 60 days; and
| ||||||
| |||||||
| |||||||
| 1 | on page 6, by inserting immediately below line 15, the | ||||||
| 2 | following:
| ||||||
| 3 | "(i) A State agency that has been subject to or has reason | ||||||
| 4 | to believe it has been subject to a single breach of the | ||||||
| 5 | security of the data concerning the personal information of | ||||||
| 6 | more than 250 Illinois residents or an instance of aggravated | ||||||
| 7 | computer tampering (as defined in Section 17-52 of the Criminal | ||||||
| 8 | Code of 2012) shall notify the Office of the Chief Information | ||||||
| 9 | Security Officer of the Illinois Department of Innovation and | ||||||
| 10 | Technology regarding the breach or instance of aggravated | ||||||
| 11 | computer tampering. Such notification shall be made without | ||||||
| 12 | delay but no later than 72 hours following the discovery of the | ||||||
| 13 | incident. | ||||||
| 14 | Upon receiving notification of such incident, the Chief | ||||||
| 15 | Information Security Officer shall without delay take | ||||||
| 16 | necessary and reasonable actions to: | ||||||
| 17 | (i) assess the incident to determine the potential | ||||||
| 18 | impact on the overall confidentiality, security, and | ||||||
| 19 | availability of State of Illinois data and information | ||||||
| 20 | systems; | ||||||
| 21 | (ii) ensure the security incident is contained to | ||||||
| 22 | minimize additional impact and risk to the State; | ||||||
| 23 | (iii) identify the root cause of the incident; | ||||||
| 24 | (iv) provide recommendations to the impacted State | ||||||
| 25 | agency to assist with eradicating the threat and removing | ||||||
| |||||||
| |||||||
| 1 | and mitigating any vulnerabilities to reduce the risk of | ||||||
| 2 | further compromise; and | ||||||
| 3 | (v) assist the impacted State agency in any necessary | ||||||
| 4 | recovery efforts to ensure effective return to a state of | ||||||
| 5 | normal operations. | ||||||
| 6 | The Department of Innovation and Technology may agree to | ||||||
| 7 | submit the comprehensive report required in subsection (f) in | ||||||
| 8 | lieu of the impacted agency.".
| ||||||
