With so much of our personal data online, protecting consumer data is increasingly important. The United States does not currently have its own federal data privacy protection laws, but individual states are free to enact their own laws. Illinois enacted the Personal Information Privacy Act (PIPA) in 2005 and updated it in 2017. The state also has the Protecting Household Privacy Act (PHPA), which went into effect in 2022. While keeping up with myriad federal and state data privacy laws is time-consuming and expensive, an Illinois privacy policy generator cuts down on the cost and effort it takes to stay compliant.

SixFifty has created state-specific privacy tools to automatically generate a privacy policy that complies with Illinois law. Read on to learn more about Illinois’ privacy laws, and how our tools can make it easy and cost-effective to stay in compliance.

Who is affected by Illinois data privacy laws?

The Personal Information and Privacy Act (PIPA) went into effect in 2006, and was updated in 2017. It applies to any business, organization, or other entity which operates as a data collector within the state. This includes not only private for-profit companies, but government agencies, universities, nonprofit organizations, and other entities who collect private data from Illinois citizens.

The Protecting Household Privacy Act (PHPA) went into effect January 1, 2022. This law targets law enforcement, but will affect businesses who deal in private “household electronic data.” This is defined as any information or input provided to a device capable of facilitating electronic communication—with exceptions for personal computers, tablets, smartphones, cellphones, modems, routers, and more.

What’s the difference between privacy policies and privacy notices?

You will need two separate privacy documents to stay compliant—but what’s the difference? Privacy notices and privacy policies serve different purposes. A privacy notice is a public document that you post for consumers to see. It outlines your personal information gathering practices, and tells consumers what you do with their data. A privacy policy is an internal document that your employees follow: it tells them how they should handle consumers’ personal information.

Illinois privacy laws

Both the PIPA and PHPA have different provisions. Most companies will deal with PIPA more often than they encounter PHPA scenarios.

PIPA protects personal information such as:

  • Account passwords and security codes
  • Biometric and genetic information
  • Credit or debit card numbers
  • Driver’s license or state ID numbers
  • Federal passport numbers
  • Financial account numbers
  • Medical account numbers
  • Social Security numbers

The law has several requirements for any entity doing business in Illinois or targeting Illinois residents:

  • Notification of data breaches: PIPA requires companies to notify Illinois residents if their personal data is compromised. They must notify them as quickly as possible and without “unreasonable delay.” This notice can be written or electronic, but if that’s not possible, general statewide media notifications may meet the requirements.
  • Data disposal: Any entity collecting, storing, and/or processing personal data must dispose of the information when it’s no longer needed for services or business operations. This includes both electronic and personal data.
  • Security standards: Finally, the PIPA requires data collectors to use “reasonable security measures” to protect data breaches and unauthorized access or use.

Meanwhile, PHPA has its own requirements:

  • Warrant requirement: Illinois law enforcement agencies must have a warrant to obtain household smart device data. If no criminal charges are filed within 60 days of obtaining the data, it must be destroyed. There are two exceptions: if there’s reasonable suspicion the information is evidence of criminal activity, or if the information is related to an ongoing investigation.
  • Data security requirement: Any entity disclosing household electronic data must create a confidentiality agreement. This is designed to ensure the entity takes reasonable measures to protect the confidentiality and security of any data they transmit to law enforcement. It also limits what can be disclosed: only the information related to the law enforcement agency’s request may be shared with them.

Is there an Illinois privacy policy template?

Complying with Illinois’ privacy laws can be confusing. You might be tempted to try a one-size-fits-all privacy policy template, but they’re unlikely to cover every applicable state law and scenario. SixFifty’s IL website privacy policy generator makes it easy to stay on top of data privacy laws. Instead of having your legal team draft the documents and monitor changes to the law, or seek guidance from outside counsel, our tools do the hard work for you.

You can quickly generate a privacy policy document that complies with Illinois law. Plus, we monitor changes to the law for you. You’ll be notified whenever the law changes and you need to regenerate your privacy documents.

Our software pairs technology with legal expertise to deliver compliant Illinois privacy policies and notices. Just answer a series of questions, download the generated documents, and have your lawyer review. It’s the simplest way to stay compliant in the changing digital landscape.

Generate a privacy policy for Illinois with SixFifty

If your company does business in Illinois, you need a compliant, state-specific privacy policy in place. Let SixFifty do the heavy lifting for you with our Illinois privacy policy generator. Reach out today to schedule a demo, or learn more about our privacy tools!