Illinois Attorney General Lisa Madigan recognized International Data Privacy Day and released the latest Information Security and Security Breach Notification Guidance (Illinois AG pdf; archive pdf). “In releasing her Information Security & Security Breach Response Guide, Madigan encouraged businesses and government agencies to establish an Information Security Program to understand the scope of the personal information they collect and to train employees how to properly maintain and handle information to prevent security breaches, which in turn can help prevent identity theft,” a press release said.
Here’s information from the guidance’s introduction:
The Illinois Personal Information Protection Act requires notification to Illinois residents in the event of an unauthorized acquisition of their personal information.
Entities that collect, maintain, store, use, and ultimately dispose of personal information should take steps to protect that information and reduce the risk of suffering a security breach. Although it may be impossible to prevent every breach, good data security can reduce the likelihood of some breaches, thereby helping entities to avoid the costly notification process.
This guide is meant to provide guidance, and not to provide legal advice. It is also important to recognize that due to the ever-changing aspect of information security and technology, more may be required of businesses and governmental agencies than is explained in this guide.
Businesses and governmental agencies are encouraged to stay abreast of industry best practices for data security and prevention of data breaches.