Skip to content
Justice starts here. (312) 676-7600

My Data Was Hacked: What’s the Illinois Data Breach Law ?

Woman's hands typing on a laptop computer

By Marty Dolan and George King

In an era where technology shapes the landscape of commerce, the prevalence of cyber negligence and cyberattacks pose a significant threat to businesses and individuals. Illinois has recognized the pressing need to address this growing concern, enacting laws and statutes designed to protect victims of cyber negligence. Understanding these legal frameworks is crucial for consumers and businesses to safeguard against potential threats and for individuals seeking justice for cyber-related harms.

The Legal Framework of Illinois Data Breach Law

Illinois boasts a robust legal framework aimed at addressing cyber negligence and protecting victims. Illinois’ data breach notification law includes the state’s Personal Information Protection Act, known as PIPA, which sets certain requirements for businesses handling sensitive personal data. Under PIPA, entities must implement reasonable security measures to protect personal information and promptly notify affected individuals in case of data breaches. PIPA was modified in 2017 to include a provision that further protects the consumer and requires data collectors in possession of Illinois residents’ personal information to “implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification, or disclosure.”

Furthermore, the Biometric Information Privacy Act, or BIPA, is a significant piece of newer legislation that governs the collection and use of biometric data. The law requires entities to obtain explicit consent and establish protocols for handling such sensitive information.

What Businesses Must Do to Protect Against Hackers

Businesses should take proactive measures to mitigate the risks associated with cyber negligence. Failure to implement cybersecurity protocols may expose companies to legal repercussions and other damages. Common practices that potentially put companies at risk of cyber negligence include:

  • Inadequate Security Measures: Failing to employ encryption, firewalls, and other cybersecurity tools leaves data vulnerable to breaches.
  • Lack of Employee Training: Insufficient training on cybersecurity best practices increases the likelihood of human error leading to data breaches.
  • Ignoring Regulatory Compliance: Disregarding legal requirements regarding data protection and privacy, such as PIPA and BIPA, can result in legal consequences.

Protecting Your Personal Data From Hackers

Dolan Law’s cyber and legal team compiled steps you can take to avoid cyber threats and protect your money or assets from falling into the wrong hands. According to local attorney and forensic expert Keith Chval, of Protek International, everyone should:

  • Verbally verify money movement instructions with the recipient and ask for documentation to support that request.
  • Take some reasonable steps to verify that you are sending to a legitimate person or entity and that they are who they say they are. Phone numbers can be spoofed in order to appear real; you should not rely on your carrier’s caller ID to verify who is calling; and you should always ask about a person or company’s identity and then do your own research.
  • When wiring money is the only method of payment, take some precautions to protect yourself because oftentimes, once that wire goes out, there’s no getting your money back. Where possible, if the amount is more than you care to lose and this is a new transaction or new business relationship, send a small payment to verify and then send the remaining balance due once verified. However, avoid wiring money when possible.
  • When you can, view goods in person, pay after services are completed, and send money only to people you’ve met in person.

Notably, take extra caution whenever a change is requested to how you previously sent payments to a person or organization. Scammers like to insert themselves into existing relationships and then direct that you change how or where payment is sent. Before replying directly to such a communication, and before sending payment, call to the original number for that person or organization to verify that the request is legitimate. However, if you find yourself a victim, don’t panic. You may be able to pursue civil action against entities that negligently handle personal or other information.

Illinois’ data breach laws and the landscape of cyber negligence in Illinois demands a proactive approach from businesses to fortify their digital infrastructure and comply with pertinent laws. However, consumers must be aware of the risk of cyber negligence when money changes hands. If you experience a cyber negligence issue, contact a professional. Dolan Law is a top-rated trial law firm with more than 40 years of combined experience representing victims of wrongdoing.

About the Authors

George King is a second-year law student at Belmont University College of Law in Nashville, Tennessee. Prior to law school, George graduated summa cum laude from Furman University. He works as a law clerk for Dolan Law in Chicago.

Marty Dolan is the owner and founder of Dolan Law, Chicago. He is a trial lawyer and has been so for over 30 years. Dolan Law handles complex catastrophic injury and wrongful death cases, including crime victim litigation. He was appointed to the Illinois Supreme Court Committee on Character and Fitness 2013-2023 and is appointed to select Illinois Supreme Court Rules Committee. He is a longtime Clarendon Hills resident.

GET IN TOUCH

We’re ready to help.
Contact us today.

Back To Top