SPRINGFIELD—Gov. Bruce Rauner last month signed House Bill 1260, a law supporters say would update Illinois’ data breach notice law to make it more consistent with state-of-the-art technology.
Supporters believe the law needed to be made more modern and incorporate new trends in information technology.
The new law added health insurance, medical and biometric information to the list of data elements that are considered a breach. The bill broadened the definition of what information triggers notifications to consumers. It also allowed email notification to consumers when a breach has occurred, which lets consumers quickly take steps to protect their accounts. If a customer’s username and password or security questions are compromised, this could also be considered a breach.
“Universal definitions and framework is a step in the right direction to protect consumers,” said Eva Valasquez, president of CEO of Identity Theft Resource Center (ITRC). “The intent of the bill seems to be mirroring what California did, that is, put more framework around IT breaches.”
Velasquez recently discussed the growing problem of identity theft in the United States.
“According to the FBI, overall crime is down, but the metrics that measure crime don’t identify (all types of) identity theft," she said. "We really don’t know the full story because we don’t have all the statistics."
Identity theft comes in many forms besides just financial identity theft, including criminal, medical and government identity, according to "Identity Theft: The Aftermath 2013," a report conducted by the ITRC.
“It is crucial that we continue to capture detection and resolution statistics for this crime," Velasquez said in the report. "Building an understanding of the victim experience and the roadblocks they face allows us to develop better remediation strategies for future victims.”
The report said there has not been a real increase in early detection rates since 2007.
"How individuals discover they have become victims remains an important detail in our efforts to combat this crime," the report stated. "The sooner victims discover the crime, the less damage thieves are able to inflict.”
H.B. 1260 addresses the time frame and methods of notification. Organizations can now contact consumers by email instead of a letter through the mail. In the IRTC’s study, the most common way that victims discovered their identity theft was from their financial institution. H.B. 1260 also increases the publicity of a breach by allowing notice to prominent media in geographical regions where affected individuals may live.
“In 2014, the Bureau of Justice reported 17.6 million victims, or seven percent of the U.S. population, of identity theft and economic crimes," Velasquez said. "The number of complaints to the Federal Trade Commission doubled in one year, and it carries an annual cost of $18 billion. Identity theft affects more than just finances. The emotional and behavioral effects of identity theft are many, and continue well beyond the initial crime.”