The Illinois Personal Information Protection Act (PIPA) requires that any “data collector”, which includes businesses, universities, governmental agencies or any other entity that deals with personal information, notify Illinois residents in the event of a data security breach. Recently, the Office of Illinois Attorney General Lisa Madigan issued guidance that provides tools to assist entities in preventing, preparing for and responding to data security breaches. The guidance suggests that entities assess the amount of personal information on file, reduce the amount of personal information available within the entity, protect the information accordingly and train employees to properly manage the information. In order to respond quickly and efficiently to a data security breach, the guidance encourages entities to create and implement an incident response plan that includes the PIPA notice requirements.
For additional information about the Information Security and Security Notification Guidance, click here.