HB 3040

  • Illinois House Bill
  • 102nd Regular Session
  • Introduced in House
  • House
  • Senate
  • Governor

Insurance Data Security Act

Abstract

Creates the Insurance Data Security Act. Requires any person licensed, authorized to operate, or registered as an insurer in accordance with the insurance laws of this State to conduct a risk assessment of cybersecurity threats, implement appropriate security measures, and no less than annually assess the effectiveness of the safeguards' key controls, systems, and procedures. Requires a licensee to develop, implement, and maintain a written information security program based on the licensee's risk assessment. Requires each licensee to establish a written incident response plan designed to promptly respond to, and recover from, any cybersecurity event that compromises the confidentiality, integrity, or availability of nonpublic information in its possession, the licensee's information systems, or the continuing functionality of any aspect of the licensee's business or operations. Requires licensees domiciled in this State to annually submit a written certification of compliance to the Director of Insurance. Provides that a licensee shall notify the Director as promptly as possible, but not later than 72 hours from a determination that a cybersecurity event has occurred in specified circumstances. Provides standards and procedures for risk management, data security, and notification and investigation of cybersecurity events resulting in unauthorized access to, disruption of, or misuse of nonpublic data. Provides that the Director has the power to examine and investigate to determine whether a licensee has been or is engaged in any conduct in violation of the Act. Grants the Department of Insurance rulemaking authority to implement the Act. Provides that any documents, materials, or other information obtained pursuant to the Act is confidential by law and privileged, is not subject to the Freedom of Information Act, is not subject to subpoena, and is not subject to discovery or admissible in evidence in any private civil action. Makes a conforming change in the Freedom of Information Act. Defines terms. Effective January 1, 2022.

Bill Sponsors (1)

Votes


No votes to display

Actions


Jan 10, 2023

House

Session Sine Die

Mar 27, 2021

House

Rule 19(a) / Re-referred to Rules Committee

Mar 16, 2021

House

Assigned to Cybersecurity, Data Analytics, & IT Committee

Feb 19, 2021

House

First Reading

House

Referred to Rules Committee

Feb 18, 2021

House

Filed with the Clerk by Rep. Keith R. Wheeler

Bill Text

Bill Text Versions Format
Introduced HTML PDF

Related Documents

Document Format
No related documents.

Sources

Data on Open States is updated periodically throughout the day from the official website of the Illinois General Assembly.

If you notice any inconsistencies with these official sources, feel free to file an issue.