The Illinois legislature has passed a bill that would require data owners to include specific information in a letter notifying an Illinois resident of a data breach affecting that resident’s personal information. The bill, which still must be signed by Governor Pat Quinn, would require notice letters to include “(i) the toll-free numbers and addresses for consumer reporting agencies, (ii) the toll-free number, address, and website address for the Federal Trade Commission, and (iii) a statement that the individual can obtain information from these sources about fraud alerts and security freezes.” The bill would also require that the letters not include “information concerning the number of Illinois residents affected by the breach.”
Illinois would join several other states whose breach notice laws require consumer letters to include specific contents. If Gov. Quinn signs the bill, its requirements would take effect next year.