Illinois Enacts Breach Notification Law
Illinois law requiring businesses to notify customers in cases of personal data breaches went into affect Jan. 1.
According to a report in the Chicago Tribune, the Illinois legislature passed the Personal Information Protection Act in May of 2005 and Gov. Rod Blagojevich signed the legislation into law in June. The law specifies that following a security breach, data collectors must notify consumers "without unreasonable delay," however, it does not specify an acceptable time frame.
The Chicago Tribune reports that the law was motivated by the Choice Point data breach in 2004 in which the Georgia-based company sold the personal information of more than 145,000 people—5,000 of whom were Illinois residents—to thieves posing as legitimate businesses.
In a statement following the bill signing, Blagojevich said the Personal Information Protection Act "can help individuals take steps to protect their assets and identities before thieves wreak havoc on their credit."
A second law that went into effect Jan. 1 allows victims of identity theft to freeze their credit reports, preventing access to their personal information. Access to a frozen report is available only when the individual supplies consent.