The Library takes all measures reasonably necessary to protect the security, confidentiality and integrity of “personal information” as defined in the Personal Information Protection Act (815 ILCS 530/1 et seq.). Personal information does not include publicly available information that is lawfully made available to the general public from federal, State, or local government records (815 ILCS 530/5).
Any suspected breach or compromise of the security of library data which contains personal information shall be investigated promptly by the Executive Director.
The Executive Director may consult with local law enforcement officials and/or the Library’s attorney before making a determination as to notifying patrons that there has been a breach of library data which contains personal information.
If notice to patrons is appropriate, notice shall be given in accordance with the Personal Information Protection Act. “Personal information” is specifically defined as an individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted:
A. Social Security number.
B. Driver’s license number or State identification card number.
C. Account number or credit or debit card number, or an account number or credit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account.