Can I skip obtaining consent to disclose personal information for a business purpose in Illinois? What are the requirements?

To disclose personal information for a business purpose in Illinois, you generally need to obtain consent from the individual whose information you want to disclose. Required Consents Prior to Disclosure of Personal Information ^[1.2] states that “no person may disclose personal information about an individual without first obtaining the individual’s consent, unless the disclosure is otherwise authorized by law.” However, there are exceptions to this rule. For example, Release of Confidential Information with the Consent of the Customer ^[5.1] allows for the release of confidential information with the consent of the customer. Additionally, 815 ILCS 530/45 ^[3.1] requires data collectors to implement and maintain reasonable security measures to protect records containing personal information from unauthorized access, acquisition, destruction, use, modification, or disclosure.

There are also other exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information ^[2.1][2.2]. Furthermore, 815 ILCS 530/10 ^[3.2] requires data collectors to notify Illinois residents of any breach of the security of the system data following discovery or notification of the breach. The disclosure notification shall be made in the most expedient time possible and without unreasonable delay, consistent with any measures necessary to determine the scope of the breach and restore the reasonable integrity, security, and confidentiality of the data system.

In summary, obtaining consent is generally required to disclose personal information for a business purpose in Illinois, unless there is an exception or the data collector is in compliance with state or federal law. Additionally, data collectors must implement and maintain reasonable security measures to protect records containing personal information. There are also exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information, and data collectors must notify Illinois residents of any breach of the security of the system data.

Source(s):

• [2.1] Other Exceptions to Notice and Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information
• [1.2] Required Consents Prior to Disclosure of Personal Information
• [2.2] Exception to Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information for Service Providers and Joint Marketing
• [3.1] 815 ILCS 530/45
• [3.2] 815 ILCS 530/10
• [5.1] Release of Confidential Information with the Consent of the Customer

Jurisdiction

Illinois

• Privacy