Skip Navigation
Illinois Attorney General Kwame Raoul
Home | Careers | Press Room | Opinions | Español | Other Languages | Contact Us

April 22, 2015


Springfield — Attorney General Lisa Madigan today applauded members of the Illinois Senate for passage of a measure that will strengthen the state’s data breach notification law. Senate Bill 1833 sponsored by Sen. Dan Biss (D-Evanston) passed the Senate on a vote of 35-13.

“The growing frequency and scope of data breaches has necessitated an overhaul of Illinois’ notification law,” Madigan said. “This measure will ensure that people receive timely information when a breach occurs so they can work to limit their exposure to identity theft.”

“Between computers, phones and tablets, information is almost always at our fingertips. But the downside to that connectivity is that there are new ways for individuals to access personal information,” Biss said. “I appreciate the Attorney General’s leadership on this issue and her commitment to Illinois consumers, and I am proud to be the lead sponsor of this important measure.”

Madigan drafted SB 1833 to strengthen the state’s Personal Information Protection Act (PIPA). Originally passed in 2005 at Attorney General Madigan’s direction, PIPA made Illinois among the first states in the country to require entities that suffer a data breach to notify Illinois residents if the breached information included residents’ drivers’ license numbers, social security numbers, or financial account information. Since the law’s enactment, the extent of sensitive information collected about consumers has expanded, and the threat of data breaches has increased significantly, necessitating the need to update and strengthen the state’s law.

Madigan’s bill, which has been endorsed by the Illinois PIRG, Citizen Action Illinois, the Heartland Alliance and more, will expand the type of information that triggers a breach notification to consumers, including medical information outside of federal privacy laws, biometric data, geolocation information, sensitive consumer marketing data, contact information when combined with identifying information, and login credentials for online accounts. The bill also requires entities holding sensitive information to take “reasonable” steps to protect the information, to post a privacy policy describing their data collection practices, and to notify the Attorney General’s office when breaches occur. Madigan has said her office would create a website that lists every data breach that affects Illinois to increase awareness among residents.

SB 1833 now heads to the House for consideration.


Return to April 2015 Press Releases

go to top of page

© 2020 Illinois Attorney General HomePrivacy Policy Contact Us