Illinois Attorney General Issues Guidance on Newly Amended Personal Information Protection Act


In the wake of amendments to the Illinois Personal Information Protection Act, 815 ILCS 530 et seq., Illinois Attorney General Lisa Madigan has issued an Information Security and Security Breach Notification Guidance (the “Guidance”). The amendments and Guidance are aimed at curtailing identity theft and fraud which occur as a result of security breaches. In the announcement accompanying the Guidance, Lisa Madigan focused on the problems of identity theft citing reports that more than 550 breaches involving more than 30 million records occurred in 2011. The Guidance encourages businesses and government agencies “to understand the scope of the personal information they collect and to train employees on how to properly maintain and handle information to prevent security breaches which in turn can help prevent identity theft.” This is advisable not only because of Illinois state law, but also because of obligations on businesses under federal law regarding identity theft prevention and claims handling.

Illinois’ Personal Information Protection Act was originally adopted in 2005 in response to an October 2004 incident involving Georgia-based ChoicePoint. ChoicePoint reportedly had sold the personal information of more than 145,000 people, including 5,000 Illinois residents, to identity thieves who pretended to be legitimate businesses. As originally enacted, the Personal Information Protection Act focused on requiring notice of data breaches to consumers. Notice was required by the Act when there was “unauthorized acquisition of computerized data that compromised the security, confidentiality or integrity of personal information maintained by a data collector.” The Act defines “personal information” consistent with the core of other states’ laws as an individual’s name in combination with the individual’s Social Security number, driver’s license number or financial account number (such as a bank account, credit or debit card number) in combination with any required security code or password that would permit access to that account.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© K&L Gates LLP | Attorney Advertising

Written by:


K&L Gates LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.