|
March 8, 2012 - Since 2005, Illinois has had a data breach notification law on the books that requires companies to notify consumers when their personally identifiable information is release or breached without their permission. This year, the state legislature strengthened the state's law and now State Attorney General Lisa Madigan has issued new guidance for the disclosures that companies must make when a breach occurs, and the circumstances under which disclosures must take place.
Under the old regulations, when a data breach occurred, the company with which the consumer had a relationship was responsible for notifying the consumer of the breach. Under the new regulations, companies that store data for other corporations must also make their own notifications if their systems are involved in the data breach.
Any notice sent to consumers must now contain contact information for each consumer reporting agency (CRA) and the FTC. Additionally, the notices are required to tell consumers that the CRA's can provide affected consumers with information on placing either a security alert, or a credit freeze on their credit files.
The new regulations also specify how companies that maintain personally identifiable information in any form are to dispose of those records when they are done with them. Disposal of records must be done "in a manner that renders personal information unreadable, unusable and undecipherable." Electronic media used to store personal records, including records stored on cell phones, should be "destroyed or erased". If the records are erased, they must be erased in a way that they can't be recovered.
The regulations allow the state to impose fines of up to $50,000 for each violation. Consumers also have the right to file individual law suits over violations.
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
Follow me on Twitter:
|
Politics & Politicians 
