Illinois' Personal Information Protection Act Affects Residents and Businesses

Illinois recently approved amendments to the Personal Information Protection Act (815 ILCS 530/1 et seq.) that will affect both businesses and residents of Illinois.

The Personal Information Protection Act (“PIPA”) was originally passed in 2006, and required businesses that collect certain types of personal information to notify residents if that information could have been stolen in a data breach. The law in its original form did not require businesses to take any proactive steps to prevent a data breach from occurring; it just required businesses to notify residents if a breach had occurred. The new amendments to PIPA, which will become effective Jan. 1, 2017, strengthen the law in two significant ways.

First, the amendments broaden the type of information that is subject to protection. Under the original law, only the following information was protected:

  • Social security numbers
  • Driver’s license or state identification numbers
  • Financial account information, such as credit or debit card numbers

Beginning in 2017, the following types of information will also be protected:

  • Health insurance information
  • Medical information
  • Biometric data (such as fingerprints and facial recognition data)
  • Email addresses, usernames, and passwords

If a business collects any of the above types of information from residents of Illinois, PIPA applies to it.

Second, and more importantly, the new PIPA specifically states that all businesses collecting any of the above information “shall implement and maintain reasonable security measures to protect” this information from disclosure. For business owners doing business in Illinois, this means you must audit your data security and data collection practices to confirm that you are taking reasonable measures to keep personal information from being unreasonably exposed to disclosure.

A violation of PIPA is a statutory violation of the Illinois Consumer Fraud and Deceptive Business Practices Act, and could subject the violator to punitive damages. Not only that, but data breaches cause client distrust and dissatisfaction with your business. That is why it is crucially important for businesses to make sure they are shielding themselves from the potential liability and headache that result from someone stealing customer or client information. If you have questions about how to protect your business and your customers, contact us today at 855-522-5291 for a free consultation.

 
