Summary as Introduced
Amends the Probate Act of 1975. Makes a technical change in a Section concerning the short title.
Staff Analysis
Bill as Introduced
Amends the Probate Act of 1975. Makes a technical change in a Section concerning the short title.
Senate Floor Amendment 1
The amendment would create the Illinois Consumer Data Privacy Act to establish a comprehensive framework governing the collection, processing, and sale of consumer personal data by certain businesses operating in Illinois or targeting Illinois residents. The Act applies to entities meeting specified data-processing or revenue thresholds and outlines responsibilities for data controllers and processors while granting consumers various rights related to their personal data, including the rights to access, correct, delete, and opt out of certain data processing activities. The bill also includes requirements related to privacy policies, data protection assessments, deidentified and pseudonymous data, and protections for consumers subject to profiling decisions. Enforcement authority is granted to the Attorney General and State’s Attorneys, violations are deemed unlawful practices under the Consumer Fraud and Deceptive Business Practices Act, and related data privacy assessments are exempted from disclosure under the Freedom of Information Act. The legislation limits concurrent home rule authority and takes effect January 1, 2027.
Senate Floor Amendment 2
The proposed Illinois Consumer Data Privacy Act would establish a broad statewide framework governing how certain businesses collect, process, store and sell personal data of Illinois consumers. The legislation applies primarily to larger companies that meet specified data-processing or revenue thresholds and creates a series of consumer rights related to access, correction, deletion, portability and opt-out protections for personal data. The bill also establishes responsibilities for data controllers and processors, requires privacy policies and data protection assessments, and authorizes enforcement by the Illinois Attorney General and local State’s Attorneys. Violations would constitute unlawful practices under the Illinois Consumer Fraud and Deceptive Business Practices Act.
From a county government perspective, the proposal does not directly regulate counties in most circumstances because the Act is primarily targeted at private-sector entities meeting specified thresholds. However, counties could experience indirect operational and legal impacts. County offices frequently interact with third-party vendors that process resident data, including vendors providing public safety software, health services platforms, tax systems, election systems, court technologies, human resources applications and other government technology services. Counties may need to evaluate whether existing vendor agreements, procurement standards and cybersecurity practices adequately address evolving state privacy requirements and liability concerns.
The legislation also contains enforcement authority for State’s Attorneys, which could create additional investigative or legal responsibilities for county offices tasked with enforcing violations within their jurisdictions. Depending on implementation and future litigation trends, State’s Attorneys may experience increased workload associated with consumer privacy complaints, investigations and enforcement actions.
The amendment also limits concurrent home rule authority, meaning Cook County could face restrictions on adopting local consumer data privacy regulations that conflict with or go beyond the statewide framework. From an ISACo perspective, the home rule preemption language is notable because it limits local regulatory flexibility in a rapidly developing area of technology and consumer protection policy.
Finally, the bill amends the Freedom of Information Act to exempt certain privacy and data protection assessments submitted to the Attorney General or State’s Attorneys from public disclosure. This could affect how county officials handle or respond to FOIA requests involving privacy compliance materials associated with enforcement activities. The legislation would take effect January 1, 2027.