Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I store personal information about my customers in Illinois? What are the requirements?

Storing Personal Information of Customers in Illinois

Yes, you can store personal information about your customers in Illinois, but you must comply with the requirements set forth in the Illinois Personal Information Protection Act (PIPA) [1.1].

Under PIPA, any data collector that owns or licenses, or maintains or stores but does not own or license, records that contain personal information concerning an Illinois resident shall implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification, or disclosure [1.1].

Additionally, if a state or federal law requires a data collector to provide greater protection to records that contain personal information concerning an Illinois resident that are maintained by the data collector and the data collector is in compliance with the provisions of that state or federal law, the data collector shall be deemed to be in compliance with the provisions of PIPA [1.1].

If you experience a breach of the security of the system data, you must notify the resident at no charge that there has been a breach of the security of the system data following discovery or notification of the breach. The disclosure notification shall be made in the most expedient time possible and without unreasonable delay, consistent with any measures necessary to determine the scope of the breach and restore the reasonable integrity, security, and confidentiality of the data system [1.2].

Conclusion

In summary, you can store personal information about your customers in Illinois, but you must implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification, or disclosure. If you experience a breach of the security of the system data, you must notify the resident at no charge that there has been a breach of the security of the system data following discovery or notification of the breach.

Source(s):
Jurisdiction

Illinois