Can I collect cookie information from participants in Illinois? What are the requirements?

Based on the provided context documents, the collection of cookie information from participants in Illinois is not explicitly addressed. However, the Illinois Personal Information Protection Act (815 ILCS 530) does define “personal information” to include “user name or email address, in combination with a password or security question and answer that would permit access to an online account” ^[1.6]. This suggests that collecting information that would allow access to an online account without proper security measures in place could be a violation of Illinois law.

Additionally, the Act requires data collectors to implement and maintain reasonable security measures to protect records containing personal information from unauthorized access, acquisition, destruction, use, modification, or disclosure ^[1.1]. Therefore, if cookie information is considered personal information under Illinois law, data collectors would need to implement reasonable security measures to protect it.

Under the Illinois Personal Information Protection Act, any data collector that owns or licenses personal information concerning an Illinois resident shall notify the resident at no charge that there has been a breach of the security of the system data following discovery or notification of the breach ^[1.2]. The data collector must dispose of the materials containing personal information in a manner that renders the personal information unreadable, unusable, and undecipherable ^[1.4].

It is recommended that you consult with a legal professional to determine the specific requirements for collecting cookie information from participants in Illinois.

Source(s):

• [1.1] 815 ILCS 530/45
• [1.2] 815 ILCS 530/10
• [1.4] 815 ILCS 530/40
• [1.6] 815 ILCS 530/5

Jurisdiction

Illinois

• Privacy