Illinois Compiled Statutes 215 ILCS 215/5 – Definitions
Current as of: 2024 | Check for updates
|
Other versions
As used in this Act:
“Authorized individual” means an individual known to and screened by the licensee and determined to be necessary and appropriate to have access to the nonpublic information held by the licensee and its information systems.
“Consumer” means an individual, including, but not limited to, an applicant, policyholder, insured, beneficiary, claimant, or certificate holder who is a resident of this State and whose nonpublic information is in a licensee’s possession, custody, or control.
“Cybersecurity event” means an event resulting in unauthorized access to, disruption, or misuse of an information system or information stored on such information system. “Cybersecurity event” does not include the unauthorized acquisition of encrypted nonpublic information if the encryption, process, or key is not also acquired, released, or used without authorization. “Cybersecurity event” does not include an event with regard to which the licensee has determined that the nonpublic information accessed by an unauthorized person has not been used or released and has been returned or destroyed.
“Department” means the Department of Insurance.
“Director” means the Director of Insurance.
“Encrypted” means the transformation of data into a form which results in a low probability of assigning meaning without the use of a protective process or key.
“Information security program” means the administrative, technical, and physical safeguards that a licensee uses to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle nonpublic information.
“Information system” means a discrete set of electronic information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of electronic information, as well as any specialized system such as industrial and process controls systems, telephone switching and private branch exchange systems, and environmental control systems.
“Licensee” means any person licensed, authorized to operate, or registered, or required to be licensed, authorized, or registered pursuant to the insurance laws of this State. “Licensee” does not include a purchasing group or a risk retention group chartered and licensed in a state other than this State or a licensee that is acting as an assuming insurer that is domiciled in another state or jurisdiction.
“Multi-factor authentication” means authentication through verification of at least 2 of the following types of authentication factors:
(1) knowledge factors, including a password;
(2) possession factors, including a token or text
“Authorized individual” means an individual known to and screened by the licensee and determined to be necessary and appropriate to have access to the nonpublic information held by the licensee and its information systems.
Terms Used In Illinois Compiled Statutes 215 ILCS 215/5
- Beneficiary: A person who is entitled to receive the benefits or proceeds of a will, trust, insurance policy, retirement plan, annuity, or other contract. Source: OCC
- Corporation: A legal entity owned by the holders of shares of stock that have been issued, and that can own, receive, and transfer property, and carry on business in its own name.
- individual: shall include every infant member of the species homo sapiens who is born alive at any stage of development. See Illinois Compiled Statutes 5 ILCS 70/1.36
- Jurisdiction: (1) The legal authority of a court to hear and decide a case. Concurrent jurisdiction exists when two courts have simultaneous responsibility for the same case. (2) The geographic area over which the court has authority to decide cases.
- Partnership: A voluntary contract between two or more persons to pool some or all of their assets into a business, with the agreement that there will be a proportional sharing of profits and losses.
- State: when applied to different parts of the United States, may be construed to include the District of Columbia and the several territories, and the words "United States" may be construed to include the said district and territories. See Illinois Compiled Statutes 5 ILCS 70/1.14
“Consumer” means an individual, including, but not limited to, an applicant, policyholder, insured, beneficiary, claimant, or certificate holder who is a resident of this State and whose nonpublic information is in a licensee’s possession, custody, or control.
“Cybersecurity event” means an event resulting in unauthorized access to, disruption, or misuse of an information system or information stored on such information system. “Cybersecurity event” does not include the unauthorized acquisition of encrypted nonpublic information if the encryption, process, or key is not also acquired, released, or used without authorization. “Cybersecurity event” does not include an event with regard to which the licensee has determined that the nonpublic information accessed by an unauthorized person has not been used or released and has been returned or destroyed.
“Department” means the Department of Insurance.
“Director” means the Director of Insurance.
“Encrypted” means the transformation of data into a form which results in a low probability of assigning meaning without the use of a protective process or key.
“Information security program” means the administrative, technical, and physical safeguards that a licensee uses to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle nonpublic information.
“Information system” means a discrete set of electronic information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of electronic information, as well as any specialized system such as industrial and process controls systems, telephone switching and private branch exchange systems, and environmental control systems.
“Licensee” means any person licensed, authorized to operate, or registered, or required to be licensed, authorized, or registered pursuant to the insurance laws of this State. “Licensee” does not include a purchasing group or a risk retention group chartered and licensed in a state other than this State or a licensee that is acting as an assuming insurer that is domiciled in another state or jurisdiction.
“Multi-factor authentication” means authentication through verification of at least 2 of the following types of authentication factors:
(1) knowledge factors, including a password;
(2) possession factors, including a token or text
|
message on a mobile phone; or
|
(3) inherence factors, including a biometric
|
characteristic.
|
“Nonpublic information” means information that is not publicly available information and that is:
(1) business-related information of a licensee the
(1) business-related information of a licensee the
|
tampering with which, or unauthorized disclosure, access, or use of which, would cause a material adverse impact to the business, operations, or security of the licensee;
|
(2) any information concerning a consumer which
|
because of name, number, personal mark, or other identifier can be used to identify such consumer, in combination with any one or more of the following data elements:
|
(A) social security number;
(B) driver’s license number or nondriver
(B) driver’s license number or nondriver
|
identification card number;
|
(C) financial account number, credit card number,
|
or debit card number;
|
(D) any security code, access code, or password
|
that would permit access to a consumer’s financial account; or
|
(E) biometric records; or
(3) any information or data, except age or gender, in
(3) any information or data, except age or gender, in
|
any form or medium created by or derived from a health care provider or a consumer and that relates to:
|
(A) the past, present, or future physical,
|
mental, or behavioral health or condition of any consumer or a member of the consumer’s family;
|
(B) the provision of health care to any consumer;
|
or
|
(C) payment for the provision of health care to
|
any consumer.
|
“Person” means any individual or any nongovernmental entity, including, but not limited to, any nongovernmental partnership, corporation, branch, agency, or association.
“Publicly available information” means any information that a licensee has a reasonable basis to believe is lawfully made available to the general public from federal, State, or local government records; widely distributed media; or disclosures to the general public that are required to be made by federal, State, or local law. “Publicly available information” includes information that a consumer may direct not to be made available to the general public, but that the consumer has not directed not be made available.
“Risk assessment” means the risk assessment that each licensee is required to conduct under subsection (c) of Section 10.
“Third-party service provider” means a person, not otherwise defined as a licensee, that contracts with a licensee to maintain, process, store, or otherwise is permitted access to nonpublic information through its provision of services to the licensee.
“Publicly available information” means any information that a licensee has a reasonable basis to believe is lawfully made available to the general public from federal, State, or local government records; widely distributed media; or disclosures to the general public that are required to be made by federal, State, or local law. “Publicly available information” includes information that a consumer may direct not to be made available to the general public, but that the consumer has not directed not be made available.
“Risk assessment” means the risk assessment that each licensee is required to conduct under subsection (c) of Section 10.
“Third-party service provider” means a person, not otherwise defined as a licensee, that contracts with a licensee to maintain, process, store, or otherwise is permitted access to nonpublic information through its provision of services to the licensee.