On October 26, 2017, the United States government released files relating to the assassination of President John F. Kennedy and the investigation that followed. The majority of the documents generated by the investigation – about 88% of all FBI, CIA, and other agencies’ files – have been available for years, but the rest of the documents were due to be released this year. On the recommendation of the investigatory agencies, President Trump decided to keep some of this remaining information redacted due to “national security, law enforcement, and foreign affairs concerns.” Speculation as to the contents of these documents and the reasons for redacting secure information have renewed a continuing discussion about what information the public should be privy to and how this information can be accessed.
Illinois’ Personal Information Protection Act (“PIPA”) became effective on January 1, 2017. Illinois is just one of many states that recently strengthened their data breach notification systems and created data security laws to enhance protection of personal information. Like other state provisions, Illinois created stronger safeguards for personal information transmitted electronically. This act requires that all personal information provided electronically must be encrypted or redacted. The amendments to PIPA (1) broadened the statute’s definition of personal information; (2) clarified the safe harbor for encryption; (3) addressed required notification to residents after a breach; and (4) established limited exemptions.