Brendon Tavelli writes:
On August 22, Illinois Governor Pat Quinn signed House Bill 3025 into law. In doing so, he aligned Illinois with a small group of states responding to increased concern about privacy and information security by retooling their existing information security breach notification frameworks. HB3025, in particular, amends the state’s breach notification law to specify both the types of information that should be provided to notice recipients and the breach notice obligations of service providers that maintain or store, but don’t own or license, personal information about Illinois residents.
Read more on Proskauer’s Privacy Law Blog.
If I’m reading the “shall not” provisions of the law correctly (and I may not be), it appears that the entities are not allowed to reveal to those affected how many Illinois residents were affected by the breach. Why prohibit them from revealing that? Or am I reading the law incorrectly?
h/t, @PrivacyMemes