Bill Text: IL HB2784 | 2019-2020 | 101st General Assembly | Introduced
Bill Title: Amends the Personal Information Protection Act. Provides that "consumer marketing information" means information related to a consumer's online browsing history, online search history, or purchasing history, including, but not limited to, consumer profiles that are based upon the information. Provides that "geolocation information" means information that is (i) generated or derived from the operation or use of an electronic communications device, (ii) stored and sufficient to identify the street name and the name of the city or town in which an individual is located, and (iii) likely to enable someone to determine an individual's regular pattern of behavior. Provides that "geolocation information" does not include the contents of an electronic communication. Provides that "medical information" includes genetic information. Provides that "personal information" means an individual's first name or first initial and last name and email address. Adds geolocation information, consumer marketing information, and audio recordings to the list of data elements included in the definition of "personal information".
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Introduced - Dead) 2019-03-29 - Rule 19(a) / Re-referred to Rules Committee [HB2784 Detail]
Download: Illinois-2019-HB2784-Introduced.html
| ||||||||||||||||||||
| ||||||||||||||||||||
| ||||||||||||||||||||
| ||||||||||||||||||||
| ||||||||||||||||||||
1 | AN ACT concerning business.
| |||||||||||||||||||
2 | Be it enacted by the People of the State of Illinois,
| |||||||||||||||||||
3 | represented in the General Assembly:
| |||||||||||||||||||
4 | Section 5. The Personal Information Protection Act is | |||||||||||||||||||
5 | amended by changing Section 5 as follows:
| |||||||||||||||||||
6 | (815 ILCS 530/5) | |||||||||||||||||||
7 | Sec. 5. Definitions. In this Act: | |||||||||||||||||||
8 | "Data collector" may include, but is not limited to,
| |||||||||||||||||||
9 | government agencies, public and private universities,
| |||||||||||||||||||
10 | privately and publicly held corporations, financial
| |||||||||||||||||||
11 | institutions, retail operators, and any other entity that, for | |||||||||||||||||||
12 | any purpose, handles, collects, disseminates, or otherwise
| |||||||||||||||||||
13 | deals with nonpublic personal information.
| |||||||||||||||||||
14 | "Breach of the security of the system data" or "breach" | |||||||||||||||||||
15 | means
unauthorized acquisition of computerized data that | |||||||||||||||||||
16 | compromises the security, confidentiality, or integrity of | |||||||||||||||||||
17 | personal information maintained by the data collector. "Breach | |||||||||||||||||||
18 | of the security of the system data" does not include good faith
| |||||||||||||||||||
19 | acquisition of personal information by an employee or agent of
| |||||||||||||||||||
20 | the data collector for a legitimate purpose of the data
| |||||||||||||||||||
21 | collector, provided that the personal information is not used
| |||||||||||||||||||
22 | for a purpose unrelated to the data collector's business or
| |||||||||||||||||||
23 | subject to further unauthorized disclosure.
|
| |||||||
| |||||||
1 | "Consumer marketing information" means information related | ||||||
2 | to a consumer's online browsing history, online search history, | ||||||
3 | or purchasing history, including, but not limited to, consumer
| ||||||
4 | profiles that are based upon the information. | ||||||
5 | "Geolocation information" means information that is (i) | ||||||
6 | generated or derived from the operation or use of an electronic | ||||||
7 | communications device, (ii) stored and sufficient to identify | ||||||
8 | the street name and name of the city or town in which an | ||||||
9 | individual is located, and (iii) likely to enable someone to | ||||||
10 | determine an individual's regular pattern of behavior. | ||||||
11 | "Geolocation information" does not include the contents of an | ||||||
12 | electronic communication. | ||||||
13 | "Health insurance information" means an individual's | ||||||
14 | health insurance policy number or subscriber identification | ||||||
15 | number, any unique identifier used by a health insurer to | ||||||
16 | identify the individual, or any medical information in an | ||||||
17 | individual's health insurance application and claims history, | ||||||
18 | including any appeals records. | ||||||
19 | "Medical information" means any information regarding an | ||||||
20 | individual's medical history, genetic information, mental or | ||||||
21 | physical condition, or medical treatment or diagnosis by a | ||||||
22 | healthcare professional, including such information provided | ||||||
23 | to a website or mobile application. | ||||||
24 | "Personal information" means either of the following: | ||||||
25 | (1) An individual's first name or first initial and | ||||||
26 | last name or email address An individual's first name or |
| |||||||
| |||||||
1 | first initial and last name in combination with any one or | ||||||
2 | more
of the following data elements, when either the name | ||||||
3 | or the data elements are not encrypted or redacted or are | ||||||
4 | encrypted or redacted but the keys to unencrypt or unredact | ||||||
5 | or otherwise read the name or data elements have been | ||||||
6 | acquired without authorization through the breach of | ||||||
7 | security:
| ||||||
8 | (A) Social Security number. | ||||||
9 | (B) Driver's license number or State | ||||||
10 | identification
card number.
| ||||||
11 | (C) Account number or credit or debit card number, | ||||||
12 | or an
account number or credit card number in | ||||||
13 | combination with
any required security code, access | ||||||
14 | code, or password that
would permit access to an | ||||||
15 | individual's financial account.
| ||||||
16 | (D) Medical information. | ||||||
17 | (E) Health insurance information. | ||||||
18 | (F) Unique biometric data generated from | ||||||
19 | measurements or technical analysis of human body | ||||||
20 | characteristics used by the owner or licensee to | ||||||
21 | authenticate an individual, such as a fingerprint, | ||||||
22 | retina or iris image, or other unique physical | ||||||
23 | representation or digital representation of biometric | ||||||
24 | data. | ||||||
25 | (G) Geolocation information. | ||||||
26 | (H) Consumer marketing information. |
| |||||||
| |||||||
1 | (I) Audio recordings. | ||||||
2 | (2) User name or email address, in combination with a | ||||||
3 | password or security question and answer that would permit | ||||||
4 | access to an online account, when either the user name or | ||||||
5 | email address or password or security question and answer | ||||||
6 | are not encrypted or redacted or are encrypted or redacted | ||||||
7 | but the keys to unencrypt or unredact or otherwise read the | ||||||
8 | data elements have been obtained through the breach of | ||||||
9 | security. | ||||||
10 | "Personal information" does not include publicly available
| ||||||
11 | information that is lawfully made available to the general
| ||||||
12 | public from federal, State, or local government records.
| ||||||
13 | (Source: P.A. 99-503, eff. 1-1-17 .)
|