šŗšø US-Illinois
Informations
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
""Service provider" means a person or entity that collects,
processes, or transfers covered data on behalf of, and at the
direction of, a covered entity or a federal, State, tribal,
territorial, or local government entity; and receives covered
data from or on behalf of a covered entity or a federal, State,
tribal, territorial, or local government entity. A service
provider that receives service provider data from another
service provider as permitted under this Act shall be treated
as a service provider under this Act with respect to such data."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
There is no explicit information in HB 3385 on this.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
No information on this in the official text.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
""Service provider" means a person or entity that collects,
processes, or transfers covered data on behalf of, and at the
direction of, a covered entity or a federal, State, tribal,
territorial, or local government entity; and receives covered
data from or on behalf of a covered entity or a federal, State,
tribal, territorial, or local government entity. A service
provider that receives service provider data from another
service provider as permitted under this Act shall be treated
as a service provider under this Act with respect to such data."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
There is no explicit information on this in HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
""Sensitive covered data" means the following types of
covered data:
(1) A government-issued identifier, such as a Social
Security number, passport number, or driver's license
number, that is not required by law to be displayed in
public.
(2) Any information that describes or reveals the
past, present, or future physical health, mental health,
disability, diagnosis, or health condition or treatment of
an individual.
(3) A financial account number, debit card number,
credit card number, or information that describes or
reveals the income level or bank account balances of an
individual, except that the last four digits of a debit or
credit card number shall not be deemed sensitive covered
data.
(4) Biometric information.
(5) Genetic information. (6) Precise geolocation information.
(7) An individual's private communications such as
voicemail, emails, texts, direct messages, or mail, or
information identifying the parties to such
communications, voice communications, video
communications, and any information that pertains to the
transmission of such communications, including telephone
numbers called, telephone numbers from which calls were
placed, the time calls were made, call duration, and
location information of the parties to the call, unless
the covered entity or a service provider acting on behalf
of the covered entity is the sender or an intended
recipient of the communication. Communications are not
private for purposes of this clause if such communications
are made from or to a device provided by an employer to an
employee insofar as such employer provides conspicuous
notice that such employer may access such communications.
(8) Account or device log-in credentials, or security
or access codes for an account or device.
(9) Information identifying the sexual behavior of an
individual in a manner inconsistent with the individual's
reasonable expectation regarding the collection,
processing, or transfer of such information. (10) Calendar information, address book information,
phone or text logs, photos, audio recordings, or videos,
maintained for private use by an individual, regardless of whether such information is stored on the individual's
device or is accessible from that device and is backed up
in a separate location. Such information is not sensitive
for purposes of this paragraph if such information is sent
from or to a device provided by an employer to an employee
insofar as such employer provides conspicuous notice that
it may access such information.
(11) A photograph, film, video recording, or other
similar medium that shows the naked or undergarment-clad
private area of an individual.
(12) Information revealing the video content requested
or selected by an individual collected by a covered entity
that is not a provider of a service described in paragraph
(4). This paragraph does not include covered data used
solely for transfers for independent video measurement.
(13) Information about an individual when the covered
entity or service provider has knowledge that the
individual is a covered minor.
(14) An individual's race, color, ethnicity, religion,
or union membership.
(15) Information identifying an individual's online
activities over time and across third party websites or
online services.
(16) Any other covered data collected, processed, or
transferred for the purpose of identifying the types of
covered data listed in paragraphs (1) through (15).
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
""Sensitive covered data" means the following types of
covered data:
(1) A government-issued identifier, such as a Social
Security number, passport number, or driver's license
number, that is not required by law to be displayed in
public.
(2) Any information that describes or reveals the
past, present, or future physical health, mental health,
disability, diagnosis, or health condition or treatment of
an individual.
(3) A financial account number, debit card number,
credit card number, or information that describes or
reveals the income level or bank account balances of an
individual, except that the last four digits of a debit or
credit card number shall not be deemed sensitive covered
data.
(4) Biometric information.
(5) Genetic information. (6) Precise geolocation information.
(7) An individual's private communications such as
voicemail, emails, texts, direct messages, or mail, or
information identifying the parties to such
communications, voice communications, video
communications, and any information that pertains to the
transmission of such communications, including telephone
numbers called, telephone numbers from which calls were
placed, the time calls were made, call duration, and
location information of the parties to the call, unless
the covered entity or a service provider acting on behalf
of the covered entity is the sender or an intended
recipient of the communication. Communications are not
private for purposes of this clause if such communications
are made from or to a device provided by an employer to an
employee insofar as such employer provides conspicuous
notice that such employer may access such communications.
(8) Account or device log-in credentials, or security
or access codes for an account or device.
(9) Information identifying the sexual behavior of an
individual in a manner inconsistent with the individual's
reasonable expectation regarding the collection,
processing, or transfer of such information. (10) Calendar information, address book information,
phone or text logs, photos, audio recordings, or videos,
maintained for private use by an individual, regardless of whether such information is stored on the individual's
device or is accessible from that device and is backed up
in a separate location. Such information is not sensitive
for purposes of this paragraph if such information is sent
from or to a device provided by an employer to an employee
insofar as such employer provides conspicuous notice that
it may access such information.
(11) A photograph, film, video recording, or other
similar medium that shows the naked or undergarment-clad
private area of an individual.
(12) Information revealing the video content requested
or selected by an individual collected by a covered entity
that is not a provider of a service described in paragraph
(4). This paragraph does not include covered data used
solely for transfers for independent video measurement.
(13) Information about an individual when the covered
entity or service provider has knowledge that the
individual is a covered minor.
(14) An individual's race, color, ethnicity, religion,
or union membership.
(15) Information identifying an individual's online
activities over time and across third party websites or
online services.
(16) Any other covered data collected, processed, or
transferred for the purpose of identifying the types of
covered data listed in paragraphs (1) through (15).
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
""Sensitive covered data" means the following types of
covered data:
(1) A government-issued identifier, such as a Social
Security number, passport number, or driver's license
number, that is not required by law to be displayed in
public.
(2) Any information that describes or reveals the
past, present, or future physical health, mental health,
disability, diagnosis, or health condition or treatment of
an individual.
(3) A financial account number, debit card number,
credit card number, or information that describes or
reveals the income level or bank account balances of an
individual, except that the last four digits of a debit or
credit card number shall not be deemed sensitive covered
data.
(4) Biometric information.
(5) Genetic information. (6) Precise geolocation information.
(7) An individual's private communications such as
voicemail, emails, texts, direct messages, or mail, or
information identifying the parties to such
communications, voice communications, video
communications, and any information that pertains to the
transmission of such communications, including telephone
numbers called, telephone numbers from which calls were
placed, the time calls were made, call duration, and
location information of the parties to the call, unless
the covered entity or a service provider acting on behalf
of the covered entity is the sender or an intended
recipient of the communication. Communications are not
private for purposes of this clause if such communications
are made from or to a device provided by an employer to an
employee insofar as such employer provides conspicuous
notice that such employer may access such communications.
(8) Account or device log-in credentials, or security
or access codes for an account or device.
(9) Information identifying the sexual behavior of an
individual in a manner inconsistent with the individual's
reasonable expectation regarding the collection,
processing, or transfer of such information. (10) Calendar information, address book information,
phone or text logs, photos, audio recordings, or videos,
maintained for private use by an individual, regardless of whether such information is stored on the individual's
device or is accessible from that device and is backed up
in a separate location. Such information is not sensitive
for purposes of this paragraph if such information is sent
from or to a device provided by an employer to an employee
insofar as such employer provides conspicuous notice that
it may access such information.
(11) A photograph, film, video recording, or other
similar medium that shows the naked or undergarment-clad
private area of an individual.
(12) Information revealing the video content requested
or selected by an individual collected by a covered entity
that is not a provider of a service described in paragraph
(4). This paragraph does not include covered data used
solely for transfers for independent video measurement.
(13) Information about an individual when the covered
entity or service provider has knowledge that the
individual is a covered minor.
(14) An individual's race, color, ethnicity, religion,
or union membership.
(15) Information identifying an individual's online
activities over time and across third party websites or
online services.
(16) Any other covered data collected, processed, or
transferred for the purpose of identifying the types of
covered data listed in paragraphs (1) through (15).
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
""Sensitive covered data" means the following types of
covered data:
(1) A government-issued identifier, such as a Social
Security number, passport number, or driver's license
number, that is not required by law to be displayed in
public.
(2) Any information that describes or reveals the
past, present, or future physical health, mental health,
disability, diagnosis, or health condition or treatment of
an individual.
(3) A financial account number, debit card number,
credit card number, or information that describes or
reveals the income level or bank account balances of an
individual, except that the last four digits of a debit or
credit card number shall not be deemed sensitive covered
data.
(4) Biometric information.
(5) Genetic information. (6) Precise geolocation information.
(7) An individual's private communications such as
voicemail, emails, texts, direct messages, or mail, or
information identifying the parties to such
communications, voice communications, video
communications, and any information that pertains to the
transmission of such communications, including telephone
numbers called, telephone numbers from which calls were
placed, the time calls were made, call duration, and
location information of the parties to the call, unless
the covered entity or a service provider acting on behalf
of the covered entity is the sender or an intended
recipient of the communication. Communications are not
private for purposes of this clause if such communications
are made from or to a device provided by an employer to an
employee insofar as such employer provides conspicuous
notice that such employer may access such communications.
(8) Account or device log-in credentials, or security
or access codes for an account or device.
(9) Information identifying the sexual behavior of an
individual in a manner inconsistent with the individual's
reasonable expectation regarding the collection,
processing, or transfer of such information. (10) Calendar information, address book information,
phone or text logs, photos, audio recordings, or videos,
maintained for private use by an individual, regardless of whether such information is stored on the individual's
device or is accessible from that device and is backed up
in a separate location. Such information is not sensitive
for purposes of this paragraph if such information is sent
from or to a device provided by an employer to an employee
insofar as such employer provides conspicuous notice that
it may access such information.
(11) A photograph, film, video recording, or other
similar medium that shows the naked or undergarment-clad
private area of an individual.
(12) Information revealing the video content requested
or selected by an individual collected by a covered entity
that is not a provider of a service described in paragraph
(4). This paragraph does not include covered data used
solely for transfers for independent video measurement.
(13) Information about an individual when the covered
entity or service provider has knowledge that the
individual is a covered minor.
(14) An individual's race, color, ethnicity, religion,
or union membership.
(15) Information identifying an individual's online
activities over time and across third party websites or
online services.
(16) Any other covered data collected, processed, or
transferred for the purpose of identifying the types of
covered data listed in paragraphs (1) through (15).
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
""Sensitive covered data" means the following types of
covered data:
(1) A government-issued identifier, such as a Social
Security number, passport number, or driver's license
number, that is not required by law to be displayed in
public.
(2) Any information that describes or reveals the
past, present, or future physical health, mental health,
disability, diagnosis, or health condition or treatment of
an individual.
(3) A financial account number, debit card number,
credit card number, or information that describes or
reveals the income level or bank account balances of an
individual, except that the last four digits of a debit or
credit card number shall not be deemed sensitive covered
data.
(4) Biometric information.
(5) Genetic information. (6) Precise geolocation information.
(7) An individual's private communications such as
voicemail, emails, texts, direct messages, or mail, or
information identifying the parties to such
communications, voice communications, video
communications, and any information that pertains to the
transmission of such communications, including telephone
numbers called, telephone numbers from which calls were
placed, the time calls were made, call duration, and
location information of the parties to the call, unless
the covered entity or a service provider acting on behalf
of the covered entity is the sender or an intended
recipient of the communication. Communications are not
private for purposes of this clause if such communications
are made from or to a device provided by an employer to an
employee insofar as such employer provides conspicuous
notice that such employer may access such communications.
(8) Account or device log-in credentials, or security
or access codes for an account or device.
(9) Information identifying the sexual behavior of an
individual in a manner inconsistent with the individual's
reasonable expectation regarding the collection,
processing, or transfer of such information. (10) Calendar information, address book information,
phone or text logs, photos, audio recordings, or videos,
maintained for private use by an individual, regardless of whether such information is stored on the individual's
device or is accessible from that device and is backed up
in a separate location. Such information is not sensitive
for purposes of this paragraph if such information is sent
from or to a device provided by an employer to an employee
insofar as such employer provides conspicuous notice that
it may access such information.
(11) A photograph, film, video recording, or other
similar medium that shows the naked or undergarment-clad
private area of an individual.
(12) Information revealing the video content requested
or selected by an individual collected by a covered entity
that is not a provider of a service described in paragraph
(4). This paragraph does not include covered data used
solely for transfers for independent video measurement.
(13) Information about an individual when the covered
entity or service provider has knowledge that the
individual is a covered minor.
(14) An individual's race, color, ethnicity, religion,
or union membership.
(15) Information identifying an individual's online
activities over time and across third party websites or
online services.
(16) Any other covered data collected, processed, or
transferred for the purpose of identifying the types of
covered data listed in paragraphs (1) through (15).
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Extract :
Data entered based on reference
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Extract :
Data entered based on reference
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Extract :
Data entered based on reference
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Extract :
Data entered based on reference
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Extract :
Data entered based on reference
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"Under PIPA, the Attorney General may seek remedies against any data collector in violation of the law.
Those remedies include:
injunctive relief;
suspension of licenses;
revocation of the right to do business in Illinois; and
restitution, and civil penalties up to $50,000.
If the violation is performed with the intent to defraud a resident, a court may impose a civil penalty of up to $50,000 for each violation.
Additional penalties apply to violations involving a person over the age of 65.
PIPA also allows for a private right of action.
Under BIPA, if a business negligently violates this law, the law will allow the alleged injured party to claim:
Damages of $1,000 per violation, or
Actual damages.
If this law was violated intentionally or recklessly, the alleged injured party can claim:
Damages of up to $5,000 per violation; or
Actual damages."
Reference :
Multilaw Data Protection Guide
Comparison of data protection law across countries
Link to reference Extracts :
Extract :
Extracts :
Extract :
There is no information on this in PIPA (or any other reference).
2006
Reference :
Personal Information Protection Act (815 ILCS 530/1) | PIPA
Information on Illinois data protection regulations | Breach notifications
Link to reference Extracts :
Extract :
There is no information on this in PIPA (or any other reference).
2006
Reference :
Personal Information Protection Act (815 ILCS 530/1) | PIPA
Information on Illinois data protection regulations | Breach notifications
Link to reference Extracts :
Extract :
"(740 ILCS 14/20)
Sec. 20. Right of action. Any person aggrieved by a violation of this Act shall have a right of action in a State circuit court or as a supplemental claim in federal district court against an offending party. A prevailing party may recover for each violation:
(1) against a private entity that negligently
violates a provision of this Act, liquidated damages of $1,000 or actual damages, whichever is greater;
(2) against a private entity that intentionally or
recklessly violates a provision of this Act, liquidated damages of $5,000 or actual damages, whichever is greater;
(3) reasonable attorneys' fees and costs, including
expert witness fees and other litigation expenses; and
(4) other relief, including an injunction, as the
State or federal court may deem appropriate.
(Source: P.A. 95-994, eff. 10-3-08.)"
Reference :
Multilaw Data Protection Guide
Comparison of data protection law across countries
Link to reference Extracts :
Extract :
There is no information on PIPA/BIPA on this.
Extracts :
Extract :
There is no information on PIPA/BIPA on this.
Extracts :
Extract :
"Right of action. Any person aggrieved by a violation of this Act shall have a right of action in a State circuit court or as a supplemental claim in federal district court against an offending party. A prevailing party may recover for each violation:
(1) against a private entity that negligently
violates a provision of this Act, liquidated damages of $1,000 or actual damages, whichever is greater;
(2) against a private entity that intentionally or
recklessly violates a provision of this Act, liquidated damages of $5,000 or actual damages, whichever is greater;
(3) reasonable attorneys' fees and costs, including
expert witness fees and other litigation expenses; and
(4) other relief, including an injunction, as the
State or federal court may deem appropriate.
(Source: P.A. 95-994, eff. 10-3-08.)"
2006
Reference :
Personal Information Protection Act (815 ILCS 530/1) | PIPA
Information on Illinois data protection regulations | Breach notifications
Link to reference Extracts :
Extract :
There is no information on this in PIPA (or any other reference).
2006
Reference :
Personal Information Protection Act (815 ILCS 530/1) | PIPA
Information on Illinois data protection regulations | Breach notifications
Link to reference Extracts :
Extract :
Extracts :
Extract :
"No."
Reference :
Multilaw Data Protection Guide
Comparison of data protection law across countries
Link to reference Extracts :
Extract :
No information on the official text of HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"Any data collector that owns or licenses personal information concerning an Illinois resident shall notify the resident at no charge that there has been a breach of the security of the system data following discovery or notification of the breach. The disclosure notification shall be made in the most expedient time possible and without unreasonable delay, consistent with any measures necessary to determine the scope of the breach and restore the reasonable integrity, security, and confidentiality of the data system."
2006
Reference :
Personal Information Protection Act (815 ILCS 530/1) | PIPA
Information on Illinois data protection regulations | Breach notifications
Link to reference Extracts :
Extract :
"Any data collector required to issue notice pursuant to this Section to more than 500 Illinois residents as a result of a single breach of the security system shall provide notice to the Attorney General of the breach, including:
(A) A description of the nature of the breach of
security or unauthorized acquisition or use.
(B) The number of Illinois residents affected by such
incident at the time of notification.
(C) Any steps the data collector has taken or plans
to take relating to the incident."
2006
Reference :
Personal Information Protection Act (815 ILCS 530/1) | PIPA
Information on Illinois data protection regulations | Breach notifications
Link to reference Extracts :
Extract :
No information on the PIPA text based on this requirement. No definition of "Data processor", only the "Data controller" is defined.
2006
Reference :
Personal Information Protection Act (815 ILCS 530/1) | PIPA
Information on Illinois data protection regulations | Breach notifications
Link to reference Extracts :
Extract :
No information on the PIPA text based on this requirement. No definition of "Data processor", only the "Data controller" is defined.
2006
Reference :
Personal Information Protection Act (815 ILCS 530/1) | PIPA
Information on Illinois data protection regulations | Breach notifications
Link to reference Extracts :
Extract :
No information on the PIPA text based on this requirement. No definition of "Data processor", only the "Data controller" is defined.
2006
Reference :
Personal Information Protection Act (815 ILCS 530/1) | PIPA
Information on Illinois data protection regulations | Breach notifications
Link to reference Extracts :
Extract :
"A covered entity or service provider shall establish,
implement, and maintain reasonable administrative, technical,
and physical data security practices and procedures to protect
and secure covered data against unauthorized access and
acquisition."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
No information on the official text of HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"to the extent technically feasible, export to the
individual or directly to another entity the covered data of the individual that is processed by the covered entity,
including inferences linked or reasonably linkable to the
individual but not including other derived data, without
licensing restrictions that limit such transfers in:
(A) a human-readable format that a reasonable
individual can understand and download from the
Internet; and
(B) a portable, structured, interoperable, and
machine-readable format"
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
There is no information found in the HB 3385 on this right.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"Consumers may request the following information of businesses: (1) Copies of specific pieces of personal information about the consumer processed by the business. (2) Categories of sources for the personal information processed. (3) Name and contact information for each third party and affiliate to whom the personal information is disclosed or sold."
2020
Reference :
SB 2330
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"A covered entity may not transfer or direct the
transfer of the covered data of a covered minor to a third
party if the covered entity has knowledge that the individual
is a covered minor; and has not obtained affirmative express
consent from the covered minor or the covered minor's parent
or guardian; provided that a covered entity or service
provider may collect, process, or transfer covered data of an
individual the covered entity or service provider knows is
under the age of 18 solely in order to submit information
relating to child victimization to law enforcement or to the
nonprofit, national resource center and clearinghouse
congressionally designated to provide assistance to victims,
families, child-serving professionals, and the general public
on missing and exploited children issues."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"in a human-readable format that a reasonable
individual can understand and download from the
Internet, the covered data (except covered data in a
back-up or archival system) of the individual making
the request that is collected, processed, or
transferred by the covered entity or any service
provider of the covered entity within the 24 months
preceding the request;"
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"correct any verifiable substantial inaccuracy or
substantially incomplete information with respect to the
covered data of the individual that is processed by the
covered entity and instruct the covered entity to make
reasonable efforts to notify all third parties or service
providers to which the covered entity transferred such
covered data of the corrected information;"
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"delete covered data of the individual that is
processed by the covered entity and instruct the covered
entity to make reasonable efforts to notify all third
parties or service providers to which the covered entity
transferred such covered data of the individual's deletion
request;"
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"A covered entity shall provide an individual with a
clear and conspicuous, easy-to-execute means to withdraw any
affirmative express consent previously provided by the
individual that is as easy to execute by a reasonable
individual as the means to provide consent, with respect to
the processing or transfer of the covered data of the
individual."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
No information on the official text of HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
No information on the official text of HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
No information on the official text of HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"Notwithstanding Section 10 and
9 unless an exception applies, with respect to covered data, a
10 covered entity or service provider may not: ..... (3) transfer an individual's sensitive covered data to a third party, unless:
(A) the transfer is made pursuant to the affirmative express consent of the individual; (B) the transfer is necessary to comply with a legal obligation imposed by federal, State, tribal, or local law, or to establish, exercise, or defend legal claims;"
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
No information on the official text of HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
No information on the official text of HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
No information on the official text of HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"The EU Adequacy Decision allows the DPF to go into effect immediately, allowing organizations in the EEA to transfer personal data to U.S. companies that self-certify to the DPF. The DPF is based on a system of self-certification where U.S. organizations commit to a set of privacy principles identified by the Department of Commerce ("DoC") . These Principles address certain fundamental data privacy principles such as notice, choice (ability to opt out), accountability for onward transfer, security, data integrity, purpose limitation, access, and recourse.
The new safeguards and redress measures controlling personal data collected by U.S. intelligence agencies also have become effective. The safeguards provide detailed guidelines and procedures governing access to personal data, including subpoena and warrant requirements. In addition, the redress measures available to individuals includes investigation of complaints by U.S. Civil Liberties Protection Officers, with appeals going to a newly created Data Protection Review Court. "
2023
Reference :
US and EU Approve Framework for Personal Data Transfers
Information on EU-US data transfer | White & Case
Link to reference Extracts :
Extract :
"colloquially referred to as Convention 108+, was signed by Austria, Belgium, Bulgaria, Czech Republic, Estonia, Finland, France, Germany, Ireland, Latvia, Lithuania, Luxembourg, Monaco, Netherlands, Norway, Portugal, Spain, Sweden, the U.K., and by Uruguay, one of the six non-European states that have so far joined Convention 108. The other five non-European states are Cape Verde, Mauritius, Mexico, Senegal and Tunisia. Another three countries ā Argentina, Burkina Faso and Morocco ā have also been invited to accede to the treaty."
2018
Reference :
What does the newly signed 'Convention 108+' mean for UK adequacy?
List of countries in the Convention 108
Link to reference Extracts :
Extract :
No information on the official text of HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Since the APEC applies to the USA Federal, it is assumed that it applied to all states as well.
Reference :
International Data transfer Agreements | DataGuidance
Comparison of international data transfer agreements
Extracts :
Extract :
No information on the official text of HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
No information on the official text of HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
No information on the official text of HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Information contained in Section 65 "Executive Responsibility". Too much information to summarize here.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"A covered entity or service provider that is not a small business shall designate one or more qualified employees as privacy officers; and one or more qualified employees as data security officers."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"A covered entity or service provider that is not a
small business shall designate one or more qualified employees
as privacy officers; and one or more qualified employees as
data security officers."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
Information contained in Section 65 "Executive Responsibility". Too much information to summarize here.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
No information on the official text of HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"Each covered entity and service provider shall make
publicly available, in a clear, conspicuous, not misleading,
and easy-to-read and readily accessible manner, a privacy
policy that provides a detailed and accurate representation of
the data collection, processing, and transfer activities of
the covered entity. The policy must be provided in a manner that is reasonably accessible to and usable by individuals
with disabilities. The policy shall be made available to the
public in each covered language in which the covered entity or
service provider provides a product or service that is subject
to the privacy policy; or carries out activities related to
such product or service. The policy must include, at a
minimum, the following: ..... A prominent description of how an individual can
exercise the rights described in this Act."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
""Each covered entity and service provider shall make
publicly available, in a clear, conspicuous, not misleading,
and easy-to-read and readily accessible manner, a privacy
policy that provides a detailed and accurate representation of
the data collection, processing, and transfer activities of
the covered entity. The policy must be provided in a manner that is reasonably accessible to and usable by individuals
with disabilities. The policy shall be made available to the
public in each covered language in which the covered entity or
service provider provides a product or service that is subject
to the privacy policy; or carries out activities related to
such product or service. The policy must include, at a
minimum, the following: ..... 1) The identity and the contact information of:
(A) the covered entity or service provider to
which the privacy policy applies (including the
covered entity's or service provider's points of
contact and generic electronic mail addresses, as
applicable for privacy and data security inquiries);
and
(B) any other entity within the same corporate
structure as the covered entity or service provider to
which covered data is transferred by the covered
entity."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"Each covered entity and service provider shall make
publicly available, in a clear, conspicuous, not misleading,
and easy-to-read and readily accessible manner, a privacy
policy that provides a detailed and accurate representation of
the data collection, processing, and transfer activities of
the covered entity. The policy must be provided in a manner that is reasonably accessible to and usable by individuals
with disabilities. The policy shall be made available to the
public in each covered language in which the covered entity or
service provider provides a product or service that is subject
to the privacy policy; or carries out activities related to
such product or service. The policy must include, at a
minimum, the following: ..... The processing purposes for each category of
covered data the covered entity or service provider
collects or processes."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"The policy must include, at a minimum, the following:
(1) The identity and the contact information of:
(A) the covered entity or service provider to
which the privacy policy applies (including the
covered entity's or service provider's points of
contact and generic electronic mail addresses, as
applicable for privacy and data security inquiries);
and
(B) any other entity within the same corporate
structure as the covered entity or service provider to
which covered data is transferred by the covered
(2) The categories of covered data the covered entity
or service provider collects or processes.
(3) The processing purposes for each category of
covered data the covered entity or service provider
collects or processes.
(4) Whether the covered entity or service provider
transfers covered data and, if so, each category of
service provider and third party to which the covered entity or service provider transfers covered data, the
name of each data broker to which the covered entity or
service provider transfers covered data, and the purposes
for which such data is transferred to such categories of
service providers and third parties or third-party
collecting entities, except for a transfer to a
governmental entity pursuant to a court order or law that
prohibits the covered entity or service provider from
disclosing such transfer.
(5) The length of time the covered entity or service
provider intends to retain each category of covered data,
including sensitive covered data, or, if it is not
possible to identify that timeframe, the criteria used to
determine the length of time the covered entity or service
provider intends to retain categories of covered data.
(6) A prominent description of how an individual can
exercise the rights described in this Act.
(7) A general description of the covered entity's or
service provider's data security practices.
(8) The effective date of the privacy policy."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extract :
Extracts :
Extract :
There is no information on this in the legal texts.
2023
Reference :
What Is a CCPA Privacy Policy? Do You Need One?
Information on California's privacy notice | Bloomberg
Link to reference Extract :
Extracts :
Extract :
"The policy must include, at a minimum, the following:
(1) The identity and the contact information of:
(A) the covered entity or service provider to
which the privacy policy applies (including the
covered entity's or service provider's points of
contact and generic electronic mail addresses, as
applicable for privacy and data security inquiries);
and
(B) any other entity within the same corporate
structure as the covered entity or service provider to
which covered data is transferred by the covered
(2) The categories of covered data the covered entity
or service provider collects or processes.
(3) The processing purposes for each category of
covered data the covered entity or service provider
collects or processes.
(4) Whether the covered entity or service provider
transfers covered data and, if so, each category of
service provider and third party to which the covered entity or service provider transfers covered data, the
name of each data broker to which the covered entity or
service provider transfers covered data, and the purposes
for which such data is transferred to such categories of
service providers and third parties or third-party
collecting entities, except for a transfer to a
governmental entity pursuant to a court order or law that
prohibits the covered entity or service provider from
disclosing such transfer.
(5) The length of time the covered entity or service
provider intends to retain each category of covered data,
including sensitive covered data, or, if it is not
possible to identify that timeframe, the criteria used to
determine the length of time the covered entity or service
provider intends to retain categories of covered data.
(6) A prominent description of how an individual can
exercise the rights described in this Act.
(7) A general description of the covered entity's or
service provider's data security practices.
(8) The effective date of the privacy policy."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extract :
Extracts :
Extract :
"The policy must include, at a minimum, the following:
(1) The identity and the contact information of:
(A) the covered entity or service provider to
which the privacy policy applies (including the
covered entity's or service provider's points of
contact and generic electronic mail addresses, as
applicable for privacy and data security inquiries);
and
(B) any other entity within the same corporate
structure as the covered entity or service provider to
which covered data is transferred by the covered
(2) The categories of covered data the covered entity
or service provider collects or processes.
(3) The processing purposes for each category of
covered data the covered entity or service provider
collects or processes.
(4) Whether the covered entity or service provider
transfers covered data and, if so, each category of
service provider and third party to which the covered entity or service provider transfers covered data, the
name of each data broker to which the covered entity or
service provider transfers covered data, and the purposes
for which such data is transferred to such categories of
service providers and third parties or third-party
collecting entities, except for a transfer to a
governmental entity pursuant to a court order or law that
prohibits the covered entity or service provider from
disclosing such transfer.
(5) The length of time the covered entity or service
provider intends to retain each category of covered data,
including sensitive covered data, or, if it is not
possible to identify that timeframe, the criteria used to
determine the length of time the covered entity or service
provider intends to retain categories of covered data.
(6) A prominent description of how an individual can
exercise the rights described in this Act.
(7) A general description of the covered entity's or
service provider's data security practices.
(8) The effective date of the privacy policy."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extract :
Extracts :
Extract :
"The policy must include, at a minimum, the following:
(1) The identity and the contact information of:
(A) the covered entity or service provider to
which the privacy policy applies (including the
covered entity's or service provider's points of
contact and generic electronic mail addresses, as
applicable for privacy and data security inquiries);
and
(B) any other entity within the same corporate
structure as the covered entity or service provider to
which covered data is transferred by the covered
(2) The categories of covered data the covered entity
or service provider collects or processes.
(3) The processing purposes for each category of
covered data the covered entity or service provider
collects or processes.
(4) Whether the covered entity or service provider
transfers covered data and, if so, each category of
service provider and third party to which the covered entity or service provider transfers covered data, the
name of each data broker to which the covered entity or
service provider transfers covered data, and the purposes
for which such data is transferred to such categories of
service providers and third parties or third-party
collecting entities, except for a transfer to a
governmental entity pursuant to a court order or law that
prohibits the covered entity or service provider from
disclosing such transfer.
(5) The length of time the covered entity or service
provider intends to retain each category of covered data,
including sensitive covered data, or, if it is not
possible to identify that timeframe, the criteria used to
determine the length of time the covered entity or service
provider intends to retain categories of covered data.
(6) A prominent description of how an individual can
exercise the rights described in this Act.
(7) A general description of the covered entity's or
service provider's data security practices.
(8) The effective date of the privacy policy."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extract :
Extracts :
Extract :
Extracts :
Extract :
"An employee who is designated by a covered entity
or a service provider as a privacy officer or a data
security officer shall, at a minimum: ...... maintain updated, accurate, clear, and
understandable records of all material privacy and
data security practices undertaken by the large data
holder;"
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
"Not later than one year after the date of enactment of
this Act and biennially thereafter, each covered entity that
is not a small business shall conduct a privacy impact
assessment. Such assessment shall weigh the benefits of the
covered entity's covered data collecting, processing, and
transfer practices that may cause a substantial privacy risk
against the potential material adverse consequences of such
practices to individual privacy."
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference Extracts :
Extract :
No information on the official text of HB 3385.
2023
Reference :
HB 3385 | Illinois Data Privacy and Protection Act
Information on Illinois data protection regulations
Link to reference | Name | Short name | Classification | Jurisdiction | Year of creation |
|---|---|---|---|---|
| Attorney General | AG | Regulator | Govt authority/ministry |
| Legal text name | Original text name | Legislation type | Year signed | Regulation status | In effect since | Latest update initiated | Latest update areas | Latest update signed year |
|---|---|---|---|---|---|---|---|---|
| Illinois Data Privacy and Protection Act | HB 3385 | General privacy/data protection law | null | In legal process | |||||
| SB1624 | Personal Information Protection Act (PIPA) | Data breach law | 2006 | Active | 2006 | 2017 | 2020 |