Current through Public Act 103-1056
Section 5 ILCS 179/35 - Identity-protection Policy; Local Government(a) Each local government agency must draft and approve an identity-protection policy within 12 months after the effective date of this Act. The policy must do all of the following: (2) Require all employees of the local government agency identified as having access to social security numbers in the course of performing their duties to be trained to protect the confidentiality of social security numbers. Training should include instructions on the proper handling of information that contains social security numbers from the time of collection through the destruction of the information.(3) Direct that only employees who are required to use or handle information or documents that contain social security numbers have access to such information or documents.(4) Require that social security numbers requested from an individual be provided in a manner that makes the social security number easily redacted if required to be released as part of a public records request.(5) Require that, when collecting a social security number or upon request by the individual, a statement of the purpose or purposes for which the agency is collecting and using the social security number be provided.(b) Each local government agency must file a written copy of its privacy policy with the governing board of the unit of local government within 30 days after approval of the policy. Each local government agency must advise its employees of the existence of the policy and make a copy of the policy available to each of its employees, and must also make its privacy policy available to any member of the public, upon request. If a local government agency amends its privacy policy, then that agency must file a written copy of the amended policy with the appropriate entity and must also advise its employees of the existence of the amended policy and make a copy of the amended policy available to each of its employees.(c) Each local government agency must implement the components of its identity-protection policy that are necessary to meet the requirements of this Act within 12 months after the date the identity-protection policy is approved. This subsection (c) shall not affect the requirements of Section 10 of this Act.Added by P.A. 096-0874,§ 35, eff. 6/1/2010.