Updates on cases, laws, and other topics of interest to local governments

Subscribe by Email

Enter your Email:
Preview | Powered by FeedBlitz

Subscribe in a Reader

Follow Municipal Minute on Twitter


Blog comments do not reflect the views or opinions of the Author or Ancel Glink. Some of the content may be considered attorney advertising material under the applicable rules of certain states. Prior results do not guarantee a similar outcome. Please read our full disclaimer

Wednesday, April 26, 2023

Reminder of Cybersecurity Training Requirement for Municipalities and Counties

We wanted to remind Illinois municipalities and counties of a state law that became effective earlier this year that imposes new cybersecurity requirements, including annual cybersecurity training for municipal and county employees and for some municipalities and all counties, the appointment of a cybersecurity designee.

P.A. 102-0753 was enacted last year and became effective January 1, 2023. The Act includes the following changes and new obligations.

First, the Act requires that every employee of a municipality or county complete an annual cybersecurity training program. That training must include, at a minimum, the following:
  • detecting phishing scams;
  • preventing spyware infections and identity theft; and
  • preventing and responding to data breaches.
Second, the Act requires the "principal executive officer, or his or her designee" of any municipality with a population of 35,000 or greater and all counties to designate a local official or employee as the primary point of contact for local cybersecurity issues and to provide the name and contact information to the Department of Innovation and Technology (a state agency). 

Third, the Act amended FOIA to expand the security plans and policies exception of section 7(1)(v) of FOIA to cover policies and plans addressing cybersecurity vulnerabilities so that these records are now exempt from release under FOIA.

Finally, the Act directs the Department to put together a cybersecurity training program and make it available to municipalities and counties. As an alternative, the Act does allow counties and municipalities to create their own training program. 


Post a Comment