State Breach Law

Illinois Data Breach Notification Law

815 ILCS 530 • Effective 2006-01-01

Illinois takes data protection seriously. If a breach affects Illinois residents, you must notify them "as fast as possible": there is no specific deadline, but delays can trigger penalties. For biometric data (fingerprints, face scans), Illinois has the strictest law in the country, with fines of $1,000-$5,000 per violation.

Notification deadline: Most expedient time possible, without unreasonable delay

Enforcement: Illinois Attorney General

Overview

Illinois requires businesses to notify affected residents "in the most expedient time possible" and report to the Attorney General when more than 500 Illinois residents are affected. Illinois also has the nation's strictest biometric privacy law (BIPA).

Who Must Be Notified

  • Affected Illinois residents
  • Illinois Attorney General (if 500+ residents affected)

Covered Data Types

  • Social Security number
  • Driver's license or state ID number
  • Financial account number with access code
  • Medical information
  • Health insurance information
  • Unique biometric data (fingerprints, retina scans, etc.)

Notification Requirements

  • Written or electronic notice in most expedient time possible
  • Include description of breach and types of information involved
  • Steps being taken to protect from further breach
  • Contact information and credit reporting agency info
  • File AG notice if 500+ Illinois residents affected

Exemptions

  • Encrypted data (if key not compromised)
  • Publicly available information
  • Entities compliant with HIPAA, GLBA (notification still required)

Penalties

AG can seek civil penalties, injunctions, and attorney fees. BIPA violations: $1,000 per negligent violation, $5,000 per intentional violation. Private right of action under BIPA.

If You Experience a Breach

  1. If you collect biometrics, ensure BIPA compliance (critical)
  2. Obtain written consent before collecting biometric data
  3. Prepare breach notification templates
  4. Know how to file with IL Attorney General (IL AG Data Breach Report)
  5. Review biometric data collection practices company-wide
  6. Implement reasonable security measures

Official Source

https://illinoisattorneygeneral.gov/consumer-protection/data-breach-notification/
