Alterations to the Illinois Personal Information Protection Act have added new protections for state residents and have more clearly defined what actions could result in public notification following a data breach, Cook County Record reports. The changes expand the definition of protected personal information to include usernames and email addresses when combined with other information allowing a third party to access an individual's online account. Companies are required to alert affected parties to change their credentials if a combination of personal identifiers have been compromised. The changes in Illinois are similar to actions taken by other states across the U.S. “California was the first state to do so in 2014, followed by Florida and Wyoming, then Nebraska and Nevada passed similar statutes last year," Morgan Lewis privacy and cybersecurity attorney Mark L. Krotoski said. “We likely will see additional states make similar amendments to their data breach notification statutes."
If you want to comment on this post, you need to login.