Can I share personal information about my customers with third parties in Illinois? What are the requirements?

Here is the answer to your query:

Sharing Personal Information with Third Parties in Illinois

Illinois has specific laws and regulations regarding the sharing of personal information with third parties. The Illinois Personal Information Protection Act (PIPA) ^[2.2] requires data collectors to implement and maintain reasonable security measures to protect personal information concerning an Illinois resident from unauthorized access, acquisition, destruction, use, modification, or disclosure. Additionally, any data collector that owns or licenses personal information concerning an Illinois resident must notify the resident at no charge if there has been a breach of the security of the system data following discovery or notification of the breach ^[2.2].

Requirements for Sharing Personal Information with Third Parties

The Illinois Administrative Code ^{[1.1][1.2][1.3][1.4][1.5][1.6][1.7]} provides specific requirements for sharing personal information with third parties. In general, a financial institution must provide notice to its customers before sharing nonpublic personal information with nonaffiliated third parties and give customers the opportunity to opt-out of such sharing ^[1.1]. However, there are exceptions to this requirement, such as when sharing information with service providers and joint marketers ^[1.3] or for processing and servicing transactions ^[1.7].

Conclusion

In summary, sharing personal information with third parties in Illinois is subject to specific laws and regulations. Financial institutions must provide notice to customers before sharing nonpublic personal information with nonaffiliated third parties, with some exceptions. Additionally, data collectors must implement and maintain reasonable security measures to protect personal information concerning an Illinois resident from unauthorized access, acquisition, destruction, use, modification, or disclosure and notify the resident in case of a breach ^[2.2].

Source(s):

• [1.1] Limits on Disclosure of Nonpublic Personal Financial Information to Nonaffiliated Third Parties
• [1.2] Annual Privacy Notice to Customers
• [1.3] Exception to Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information for Service Providers and Joint Marketing
• [1.4] Information to be Included in Privacy Notices
• [1.5] Other Exceptions to Notice and Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information
• [1.6] Limits on Redisclosure and Reuse of Nonpublic Personal Financial Information
• [2.2] 815 ILCS 530/10
• [1.7] Exceptions to Notice and Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information for Processing and Servicing Transactions

Jurisdiction

Illinois

• Privacy