Bloomberg BNA – Amended Ill. Breach Notice Raises Compliance Questions
H.B. 1260 also tightens Illinois’ thresholds for disclosures to law enforcement and consumers, leaving data collectors with more rigorous post-breach compliance duties. The law specifically requires state agency data collectors to notify the Illinois Attorney General of breaches involving 250 or more Illinois residents. Data collectors must notify the state within 45 days of the discovery of a breach.
Christopher Oswald, vice president of advocacy for the Direct Marketing Association, said H.B. 1260 marks a huge improvement over Senate Bill 1833, which passed the Illinois General Assembly last Spring. DMA was one of two dozen organizations, including the Consumer Data Industry Association, NetChoice and the Electronic Retailing Association, that lobbied Rauner to veto S.B. 1833 last August (14 PVLR 1628, 9/7/15).