Illinois passed a bill requiring data collectors to notify the attorney general in the event of a security breach. Under the bill, a data collector that owns or licenses personal information must notify the attorney general of a security breach if the security breach affects more than 500 Illinois residents. The bill requires that the attorney general be notified in the most expedient time possible (and without unreasonable delay), but in no event later than when the data collector provides a security breach disclosure to affected Illinois residents. In addition, the bill mandates the information that must be included in the attorney general notification. The bill becomes effective January 1, 2020.
See Illinois Legislature website for the full text of the Statutes:
http://www.ilga.gov/legislation/publicacts/101/PDF/101-0343.pdf
