WeVote

Bill

Bill

HB 3375

Relating to youth substance abuse.

2025 Regular Session Introduced by Tawna Sanchez and 1 co-sponsor

HB3375 restricts routinely collecting Illinois residents’ SSNs to cases with a specific and immediate need, reducing unnecessary data exposure.

In committee upon adjournment.
0
WeVote Research Nonpartisan
Bill Summary · HB 3375

Summary of HB3375 (Illinois)

Overview

  • Bill Number: HB3375
  • Title: Personal Info Protection - SSN
  • Introduced: February 18, 2025 by Rep. Joyce Mason
  • 104th Illinois General Assembly
  • Current Status: Rule 19(a) / Re-referred to Rules Committee (as of April 11, 2025)

Purpose and Intent

HB3375 amends the Personal Information Protection Act (815 ILCS 530/45) to restrict the routine collection of Social Security numbers (SSNs) by data collectors. The core aim is to reduce unnecessary SSN collection and associated risk by requiring a “specific and immediate need” before collecting an Illinois resident’s SSN.

Key Provisions

  • Section 45 (Data security) already requires:

    • Data collectors (owners, licensees, or managers of records containing personal information) to implement reasonable security measures.
    • Disclosures to third parties must include contract provisions requiring the recipient to maintain reasonable security.
    • Compliance with stricter state/federal laws or GLBA standards provides a safe harbor or confirmation of compliance.
  • New restriction on SSNs (subsection e):

    • No data collector shall routinely collect the SSN of an Illinois resident without a specific and immediate need.
    • Examples of specific and immediate need include:
    • Conducting a background check as part of employee onboarding.
    • Verifying Employment Eligibility forms (I-9-related processes).
    • The subsection clarifies that routine SSN collection for patient intake at healthcare facilities is not included unless required by state or federal law.
  • Compatibility language:

    • If a data collector already complies with higher protections under applicable law, they are deemed compliant with these requirements.
    • Compliance with GLBA Section 501(b) standards also constitutes compliance with this section.

Who Is Affected

  • Data collectors that own, license, store, or otherwise handle records containing personal information of Illinois residents.
  • Organizations disclosing personal information to others, via contract, to third parties must ensure those recipients maintain appropriate security.

Procedural and Timeline Notes

  • Filed: February 26, 2025
  • First Reading: February 18, 2025 (initial scheduling in the 104th General Assembly workflow)
  • Committee activity: Placed in Consumer Protection Committee; reported out as “Do Pass / Short Debate” on March 18, 2025 (009-000-000)
  • Subsequent actions included sponsorship additions and a second-reading calendar, with the latest status being Rule 19(a) and re-referred to Rules Committee as of April 11, 2025.

Potential Impact and Considerations

  • Reduces exposure risk by limiting SSN collection to clearly justified scenarios.
  • Could affect onboarding and background-check processes; organizations may need to adjust forms and workflows to reflect a “specific and immediate need.”
  • Maintains flexibility by recognizing higher security standards and existing legal requirements as compliant.
  • May necessitate updates to privacy notices, contracts, and data-retention practices to reflect SSN collection conditions.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.