Illinois Data Security Statute 815 ILCS 530/45 (the “Statute”) is a state statutory law that establishes a data security standard for the safeguarding and protection of the personal information of Illinois residents. The Statute was adopted as a section of the Illinois Personal Information Privacy Act (PIPA).


The Statute applies to data collectors that process personal information. Both, data collectors that own or license personal information, and data collectors that merely maintain or store personal information, are covered. Further, data collectors that are subject to and compliant with GLBA, HIPAA, or other state or federal laws requiring greater protection, are deemed to be compliant with the data security requirements.


Data collectors have two obligations under the Statute:

  1. implement and maintain reasonable security measures
  2. include in contracts concerning disclosure of personal information to third parties, provisions that require the third party to implement and maintain reasonable security measures