Bill Amendment: IL SB0707 | 2017-2018 | 100th General Assembly
NOTE: For additional amemendments please see the Bill Drafting List
Bill Title: PERSONAL INFO PRTCT AGENCY RPT
Status: 2017-08-25 - Public Act . . . . . . . . . 100-0412 [SB0707 Detail]
Download: Illinois-2017-SB0707-Senate_Amendment_001.html
Bill Title: PERSONAL INFO PRTCT AGENCY RPT
Status: 2017-08-25 - Public Act . . . . . . . . . 100-0412 [SB0707 Detail]
Download: Illinois-2017-SB0707-Senate_Amendment_001.html
| |||||||
| |||||||
| |||||||
1 | AMENDMENT TO SENATE BILL 707
| ||||||
2 | AMENDMENT NO. ______. Amend Senate Bill 707 on page 5, line | ||||||
3 | 12, by changing " or " to " concerning more than 250 Illinois | ||||||
4 | residents or "; and
| ||||||
5 | on page 5, line 18, by changing " 45 " to " 60 "; and
| ||||||
6 | on page 5, line 20, by changing " or " to " concerning more than | ||||||
7 | 250 Illinois residents or "; and
| ||||||
8 | on page 6, by replacing lines 3 through 5 with the following:
| ||||||
9 | " (iii) a description of the attack; and | ||||||
10 | (iv) an overview of corrective and preventative "; and
| ||||||
11 | on page 6, line 8, by deleting " immediately "; and
| ||||||
12 | on page 6, line 15, by changing " indefinitely " to " for a period | ||||||
13 | of 60 days ; and
|
| |||||||
| |||||||
1 | on page 6, by inserting immediately below line 15, the | ||||||
2 | following:
| ||||||
3 | " (i) A State agency that has been subject to or has reason | ||||||
4 | to believe it has been subject to a single breach of the | ||||||
5 | security of the data concerning the personal information of | ||||||
6 | more than 250 Illinois residents or an instance of aggravated | ||||||
7 | computer tampering (as defined in Section 17-52 of the Criminal | ||||||
8 | Code of 2012) shall notify the Office of the Chief Information | ||||||
9 | Security Officer of the Illinois Department of Innovation and | ||||||
10 | Technology regarding the breach or instance of aggravated | ||||||
11 | computer tampering. Such notification shall be made without | ||||||
12 | delay but no later than 72 hours following the discovery of the | ||||||
13 | incident. | ||||||
14 | Upon receiving notification of such incident, the Chief | ||||||
15 | Information Security Officer shall without delay take | ||||||
16 | necessary and reasonable actions to: | ||||||
17 | (i) assess the incident to determine the potential | ||||||
18 | impact on the overall confidentiality, security, and | ||||||
19 | availability of State of Illinois data and information | ||||||
20 | systems; | ||||||
21 | (ii) ensure the security incident is contained to | ||||||
22 | minimize additional impact and risk to the State; | ||||||
23 | (iii) identify the root cause of the incident; | ||||||
24 | (iv) provide recommendations to the impacted State | ||||||
25 | agency to assist with eradicating the threat and removing |
| |||||||
| |||||||
1 | and mitigating any vulnerabilities to reduce the risk of | ||||||
2 | further compromise; and | ||||||
3 | (v) assist the impacted State agency in any necessary | ||||||
4 | recovery efforts to ensure effective return to a state of | ||||||
5 | normal operations. | ||||||
6 | The Department of Innovation and Technology may agree to | ||||||
7 | submit the comprehensive report required in subsection (f) in | ||||||
8 | lieu of the impacted agency. ".
|