IL HB3040 | 2021-2022 | 102nd General Assembly
Status
Spectrum: Partisan Bill (Republican 1-0)
Status: Introduced on February 18 2021 - 25% progression, died in committee
Action: 2021-03-27 - Rule 19(a) / Re-referred to Rules Committee
Pending: House Rules Committee
Text: Latest bill text (Introduced) [HTML]
Status: Introduced on February 18 2021 - 25% progression, died in committee
Action: 2021-03-27 - Rule 19(a) / Re-referred to Rules Committee
Pending: House Rules Committee
Text: Latest bill text (Introduced) [HTML]
Summary
Creates the Insurance Data Security Act. Requires any person licensed, authorized to operate, or registered as an insurer in accordance with the insurance laws of this State to conduct a risk assessment of cybersecurity threats, implement appropriate security measures, and no less than annually assess the effectiveness of the safeguards' key controls, systems, and procedures. Requires a licensee to develop, implement, and maintain a written information security program based on the licensee's risk assessment. Requires each licensee to establish a written incident response plan designed to promptly respond to, and recover from, any cybersecurity event that compromises the confidentiality, integrity, or availability of nonpublic information in its possession, the licensee's information systems, or the continuing functionality of any aspect of the licensee's business or operations. Requires licensees domiciled in this State to annually submit a written certification of compliance to the Director of Insurance. Provides that a licensee shall notify the Director as promptly as possible, but not later than 72 hours from a determination that a cybersecurity event has occurred in specified circumstances. Provides standards and procedures for risk management, data security, and notification and investigation of cybersecurity events resulting in unauthorized access to, disruption of, or misuse of nonpublic data. Provides that the Director has the power to examine and investigate to determine whether a licensee has been or is engaged in any conduct in violation of the Act. Grants the Department of Insurance rulemaking authority to implement the Act. Provides that any documents, materials, or other information obtained pursuant to the Act is confidential by law and privileged, is not subject to the Freedom of Information Act, is not subject to subpoena, and is not subject to discovery or admissible in evidence in any private civil action. Makes a conforming change in the Freedom of Information Act. Defines terms. Effective January 1, 2022.
Title
INSURANCE DATA SECURITY ACT
Sponsors
History
| Date | Chamber | Action |
|---|---|---|
| 2021-03-27 | House | Rule 19(a) / Re-referred to Rules Committee |
| 2021-03-16 | House | Assigned to Cybersecurity, Data Analytics, & IT Committee |
| 2021-02-19 | House | Referred to Rules Committee |
| 2021-02-19 | House | First Reading |
| 2021-02-18 | House | Filed with the Clerk by Rep. Keith R. Wheeler |
Code Citations
| Chapter | Article | Section | Citation Type | Statute Text |
|---|---|---|---|---|
| 5 | 140 | 7.5 | Amended Code | Citation Text |
Illinois State Sources
| Type | Source |
|---|---|
| Summary | https://www.ilga.gov/legislation/BillStatus.asp?DocNum=3040&GAID=16&DocTypeID=HB&SessionID=110&GA=102 |
| Text | https://www.ilga.gov/legislation/102/HB/10200HB3040.htm |
