Written by: ConsultNet
Data is an extremely valuable commodity for organizations. Unfortunately, threat actors also seek to steal data for personal gain, so any entity that collects data is at risk because data exploitation is so lucrative.
Companies and other organizations legitimately use it to better understand customers, increase productivity, and identify other valuable metrics. While data is necessary for businesses from an operational and marketing standpoint, its use and storage impact people if a breach occurs.
To combat privacy issues and to raise cybersecurity standards that protect data from unauthorized prying eyes, Illinois has two key laws in place that organizations must follow.
Two key pieces of Illinois’ privacy legislation are the Illinois Personal Information Protection Act (PIPA) and the Biometric Information Privacy Act (BIPA). Below we’ll delve more into these two laws, their relevance, and how they affect your organization.
PIPA was passed by Illinois state legislators in 2005 to protect residents from any mishandling, abuse, or misuse of their personal data. Lawmakers updated BIPA in 2017 to factor in technology changes and data collection methods.
BIPA was passed by Illinois policymakers in 2008 to implement requirements for businesses and other organizations to obtain consent for collecting data, securing data storage, and protecting biometric data.
PIPA is designed to protect sensitive pieces of Illinois residents’ personal information. This includes Social Security numbers, passport numbers, driver’s licenses (or state ID numbers), credit and debit card numbers, financial account numbers, medical account numbers, passwords, and security codes.
Businesses and other organizations handling the personal data of Illinois residents must plan to install and maintain stronger security measures to protect data from exploitation or unauthorized access, use, or modification. There are three important components anyone handling data is required to adhere to: breach notification, data disposal, and data protection.
Organizations must notify affected individuals of a breach as soon as possible without delay. Notification must be made in writing or electronically. If unable to reach individuals who have been impacted, the law permits statewide public notification through the media.
Illinois law stipulates organizations must safely dispose of both paper and electronic data they no longer need. They can destroy paper records by shredding, burning, and other methods of disposal. Organizations can dispose of electronic records by making them unreadable and unrecoverable.
Organizations collecting data must put mechanisms into place to protect paper and electronic data from any unauthorized access, use, modification, disclosure, or use for any purpose aside from the original intention. PIPA doesn’t provide specific guidance on how to do this, but organizations can turn to the standards used to comply with federal data protection laws.
Entities such as for-profit businesses, government agencies, healthcare facilities, universities, nonprofits, and other organizations that collect data in the State of Illinois must comply with PIPA. Even entities that aren’t legally based in Illinois must adhere to PIPA requirements if they collect the private data of Illinois citizens.
BIPA outlines what to do when biometric data is compromised and what types of organizations must comply with BIPA rules. Types of biometric information BIPA defines include fingerprints, face recognition, palm prints, hand geometry, retina and iris recognition, DNA, and odor or scent.
BIPA requires organizations to obtain written consent before collecting biometric data. The documents must outline how data is collected and stored, inform individuals of the need to collect biometrics, and obtain a written release allowing the organization to collect it. Entities also may not sell, trade, lease, or otherwise profit from any biometrics they collect.
Unlike addresses, phone numbers, passwords, and other sensitive information, a person cannot change their biometric information, so organizations must be vigilant about how they collect and utilize biometrics. Entities must publicly disclose retention schedules (no longer than 3 years after the last interaction with the individual) and guidelines for the destruction of data.
Under BIPA, entities must provide “expedient” notification if a breach or possible leak occurs. A plan of action should be built into an organization’s incident response plan.
Any private entity operating or doing business in Illinois is obligated to comply with BIPA, even if its headquarters or primary business is located in another state. BIPA excludes state and local governments, along with their contractors and agents. Financial institutions are also excluded.
Between federal, Illinois, and global compliance requirements, businesses need to be aware of several laws. To ensure compliance with all of them, it’s important to stay up-to-date and understand how technology can play a pivotal role in achieving and maintaining compliance. Basic practices you can implement include:
Data privacy compliance in Chicago does not have to be complex or difficult. Working with a knowledgeable managed service provider, such as ConsultNet, can increase your ability to remain compliant with Illinois and any other applicable data protection laws.
Securing data is an essential task for any business. Cybercriminals aren’t about to let up. It’s important for any organization to understand the top threats and then take steps to mitigate risks.
To maintain compliance with Illinois laws, businesses can be proactive in securing and protecting data. Ways they can do this include implementing strict access controls, encrypting data, and carefully monitoring and auditing data access.
Additionally, data shouldn’t be kept longer than necessary to limit any potential damage, so data management strategies should include formal retention and disposal policies.
Illinois cybersecurity and data privacy standards are very specific, and entities must adhere to the laws set by Illinois lawmakers. ConsultNet is here to support your business in your technology and cybersecurity needs. Our professional team can help you with custom-tailored IT solutions, along with proven, quality technology support. To schedule a consultation, contact us today!