Creates the Illinois Data Privacy Protection Act. Applies to legal entities that conduct business in Illinois or produce products or services that are targeted to Illinois residents and that satisfy one or more of the following thresholds: during a calendar year, controls or processes personal data of 100,000 consumers or more, excluding personal data controlled or processed solely for the purpose of completing a payment transaction; or derives over 25% of gross revenue from the sale of personal data and processes or controls personal data of 25,000 consumers or more. Requires a controller, alone or jointly with others, to consider the purposes and means of the processing of personal data in protecting the security of consumers while processing personal data and in notifying consumers of a breach of the security of the system. Authorizes rights to consumers under the Act to include, but not be limited to, the right to access their personal data, obtain a list of third parties to whom their data has been disclosed, request corrections to inaccurate data, and question the profiling of their information. Authorizes the Attorney General to enforce the Act. Amends the Personal Information Protection Act. Provides that, annually, on or before January 31, a data broker operating in the State must register with the Attorney General. Provides that the Attorney General shall create a page on its Internet website in which the registration information is accessible to the public that allows consumers to delete their personal information across all registered data brokers. Provides for civil penalties. Amends the State Finance Act to create the Data Privacy Protection Fund. Makes definitions. Makes other changes. Limits the concurrent exercise of home rule powers. Contains a severability provision.

Statutes affected:
Introduced: 30 ILCS 105/5, 815 ILCS 530/55, 815 ILCS 530/60, 815 ILCS 530/65