Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-migrate-db domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /srv/app/gotoiba-dev/htdocs/web/wp-includes/functions.php on line 6121
If we write down an account number and balance on a piece of paper and give it to the wrong customer, does that qualify as a “breach of security of the system data” under the Illinois Personal Information Act? Would the answer be the same for a statement mailed to the wrong customer? – IBA Compliance Connection

IBA Compliance Connection

Your go to source for compliance!

If we write down an account number and balance on a piece of paper and give it to the wrong customer, does that qualify as a “breach of security of the system data” under the Illinois Personal Information Act? Would the answer be the same for a statement mailed to the wrong customer?

by

No. The Illinois law applies to unauthorized acquisitions of computerized data. We do not believe that providing an account number and balance in writing to someone other than the account owner, whether at a teller line or by mailing a monthly statement to the wrong address, would trigger the customer notification requirements of the Act.

However, the federal “Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice” requires you to notify your customer in the event that a misuse of “sensitive customer information” has occurred or is reasonably possible. “Sensitive customer information” does not need to be in the form of computerized data, so it is possible that the scenarios described above might trigger notice requirements under federal law. Whether a misuse of the information has occurred or is reasonably possible depends on the unique facts and circumstances of each event of an unauthorized access.