Bill > HB3041

This bill creates the Illinois Data Privacy and Protection Act, which establishes comprehensive regulations for how businesses collect, process, and transfer personal data. The bill requires covered entities (businesses that determine the purposes of data collection) to collect only data that is reasonably necessary and proportionate, obtain explicit consent from individuals before collecting or transferring their sensitive data, and provide clear privacy policies. Key provisions include giving individuals the right to access, correct, delete, and export their personal data, with special protections for minors and sensitive information like biometric data, precise location information, and financial details. The bill mandates that businesses implement robust data security practices, prohibits discrimination in data usage, and restricts targeted advertising to minors. Large data holders must designate privacy officers, conduct regular privacy impact assessments, and have executive officers certify compliance annually. Enforcement mechanisms include the ability for the Attorney General, State's Attorneys, or municipalities to bring civil actions against violators, as well as allowing individuals to sue for damages. Small businesses are given some exemptions to reduce compliance burdens, and the Attorney General is empowered to create rules and adjust thresholds to keep the law current with technological changes. The act will become effective 180 days after becoming law.

Military Affairs and Security

https://www.ilga.gov/legislation/BillStatus.asp?DocNum=3041&GAID=18&DocTypeID=HB&SessionID=114&GA=104