SB 1740

Abstract

Creates the Ransomware Attack Act. Provides that a governmental unit (the State, a unit of local government, or any other subdivision of the State) may not use any public funds to pay any person or entity to recover its computer system after a ransomware attack unless the Governor first makes a proclamation that the ransomware attack against the governmental unit is a disaster under the Illinois Emergency Management Agency Act and, in the proclamation, authorizes the governmental unit to make a payment to recover its computer system following the ransomware attack. Requires a governmental unit to report a ransomware attack to the Department of Innovation and Technology no later than 24 hours after discovering the attack, and requires the Department of Innovation and Technology to adopt rules to implement reporting requirements. Limits the current exercise of home rule powers. Effective immediately.