Shostack + Friends Blog Archive

 

A small, but hopeful sign in state breach legislation

A bill [link to http://www.ilga.gov/legislation/fulltext.asp?DocName=&SessionId=50&GA=94&DocTypeId=HB&DocNum=4449&GAID=8&LegID=22685&SpecSess=&Session= no longer works] sits on Illinois governor Rod Blagojevich’s desk. If he signs it, Illinois will take a step toward meaningful central reporting of breach notifications:

(815 ILCS 530/25 new)
Sec. 25. Annual reporting. Any State agency that collects personal data and has had a breach of security of the system data or written material shall submit a report within 5 business days of the discovery or notification of the breach to the General Assembly listing the breaches and outlining any corrective measures that have been taken to prevent future breaches of the security of the system data or written material. Any State agency that has submitted a report under this Section shall submit an annual report listing all breaches of security of the system data or written materials and the corrective measures that have been taken to prevent future breaches.

(emphasis added)
Unfortunately, this requirement only affects state agencies. After the VA fiasco, it would seem imprudent for the Governor not to sign this.
I am not a lawyer, but I’m optimistically thinking that such reports are not exempt from disclosure under Illinois’ Freedom of Information Act [link to http://www.illinoisattorneygeneral.gov//government/foia_illinois.html no longer works].
