Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I use third-party email marketing tools that collect personal information in Illinois? What are the requirements?

Using Third-Party Email Marketing Tools that Collect Personal Information in Illinois

Yes, you can use third-party email marketing tools that collect personal information in Illinois, but you must comply with the state’s data privacy laws. Specifically, you must comply with the Illinois Personal Information Protection Act (815 ILCS 530/1 et seq.) and the Illinois Consumer Fraud and Deceptive Business Practices Act (815 ILCS 505/1 et seq.).

Under the Illinois Personal Information Protection Act, any data collector that owns or licenses personal information concerning an Illinois resident must implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification, or disclosure [2.3]. Additionally, any data collector that owns or licenses personal information concerning an Illinois resident must notify the resident at no charge that there has been a breach of the security of the system data following discovery or notification of the breach [2.1].

If you are using a third-party email marketing tool that collects personal information, you must ensure that the tool is compliant with these requirements. You should also include a provision in your contract with the third-party requiring them to implement and maintain reasonable security measures to protect the personal information they collect [2.3].

Opt-Out Requirements for Disclosure of Nonpublic Personal Financial Information

If the personal information you are collecting includes nonpublic personal financial information, you must also comply with opt-out requirements for disclosure. However, there are exceptions to these requirements for service providers and joint marketing [1.1]. Additionally, there are other exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information [1.6].

Limits on Redisclosure and Reuse of Nonpublic Personal Financial Information

If you are collecting nonpublic personal financial information, you must comply with limits on redisclosure and reuse of that information [1.2].

Limits on Sharing Account Number Information for Marketing Purposes

If you are sharing account number information for marketing purposes, you must comply with limits on that sharing [1.3].

Limits on Disclosure of Nonpublic Personal Financial Information to Nonaffiliated Third Parties

If you are disclosing nonpublic personal financial information to nonaffiliated third parties, you must comply with limits on that disclosure [1.5].

Conclusion

In summary, if you are using third-party email marketing tools that collect personal information in Illinois, you must comply with the state’s data privacy laws, including the Illinois Personal Information Protection Act and the Illinois Consumer Fraud and Deceptive Business Practices Act. You must also ensure that the third-party tool is compliant with these requirements and include a provision in your contract requiring them to implement and maintain reasonable security measures. If the personal information you are collecting includes nonpublic personal financial information, you must also comply with opt-out requirements for disclosure, with exceptions for service providers and joint marketing, as well as limits on redisclosure and reuse of that information, limits on sharing account number information for marketing purposes, and limits on disclosure of nonpublic personal financial information to nonaffiliated third parties.

Source(s):
Jurisdiction

Illinois