Illinois Protecting Household Privacy Act: An Overview | David Ogbolumani

The Protecting Household Privacy Act (PHPA) prohibits the collection of household electronic data by law enforcers in the state unless they have a warrant. However, this doesn't prevent them from accessing this information in emergencies or if given consent. Household electronic data is described as the information provided by a person with a household electronic device, and it's not limited to whether an individual knowingly or unknowingly provided it. 

The Act defines a household electronic device as a device capable of facilitating electronic communication. It excludes certain types of devices, such as personal tablets, smartphones, and computers, from the definition of a household electronic device. The Act also prohibits Illinois law enforcers from collecting data from these devices. Electronic communication includes audio, video, or text messages transmitted or received by a device using a technology.

The PHPA focuses on devices such as smart speakers, virtual assistants, and video doorbells. These allow users to control their devices using audio or video commands.

Requirements of the Protecting Household Privacy Act

Warrant

In Illinois, law enforcers must get a warrant to collect data from a household electronic device. The information must be destroyed if no criminal charges have been filed within 60 days following the data acquisition. However, the information can stay if there's reasonable suspicion that the information is evidence of a crime or is relevant to an ongoing investigation. 

Data Security

The PHPA also requires entities that collect and distribute household electronic data to maintain the confidentiality of the information. They must also take reasonable steps to prevent unauthorized access and use of the data.

Existing federal law

The SCA and the ECPA also regulate the activities of federal and state law enforcers in obtaining and using electronic communication data and content. Although the PHPA doesn't cover the acquisition of wiretapping, intercepting, recording, or other forms of electronic communication, it states that in the event of a conflict, the law enforcers should have a higher standard when it comes to obtaining information.

Since the SCA and the ECPA cover the acquisition and use of electronic communication data, they can protect the same type of information and procedures differently.

Stored Communications Act

Despite the SCA's limitations on the government's ability to collect certain customer and subscriber data, it allows authorities to access this information through various means, such as a court order, subpoena, or warrant, depending on the data. For instance, the SCA allows a service provider to be subject to its requirements if it allows its customers to send or receive electronic communications.

The SCA also prohibits certain providers of electronic communication services (ECS) from sharing the contents of their stored communication with other parties.

This regulation applies to remote computing services, which are defined as services that allow the public to store and process computer data. With exceptions, it prohibits providers of these services from sharing the contents of their stored communication with other parties.

Conflicts

When a device falls under both the PHPA and the SCA, the results can get muddy. PHPA exemptions include consent from the device owner or possessor; on the other hand, under the SCA, the intended recipient of the communication can give consent to disclose to law enforcement. 

Through the SCA, a government entity may obtain access to a subscriber's data using a subpoena and a court order. The PHPA, on the other hand, allows law enforcers to collect household data using a grand jury subpoena. However, this method may conflict with the SCA's administrative or trial court subpoenas.

-

About David Ogbolumani

David Ogbolumani is a global expert in the field of information technology security. He has over 20 years of experience in managing and assessing risk, developing effective team development strategies, and ensuring compliance with legal requirements. He is a dynamic leader who can help bridge the gap between various departments.

David is a highly effective communicator and a public speaker who can help develop effective solutions for various projects. He serves on the academic board of the Illinois Institute of Technology’s Center for Cybersecurity and Forensic Education.

He has a long history of working in the information technology industry and has gained numerous certifications. Some of these include the Certified Information Systems Security Professional, Certified Information Systems Manager, Certified Information Systems Auditor, and Certified Internal Auditor certifications. He also holds the European and US Certified Information Privacy Professional certificates.

He is knowledgeable about the General Data Protection Regulations (GDPR), which are important to the protection of human rights and privacy in the European Union. The regulations are also applicable to various countries such as Norway, Iceland, Lichtenstein, and Norway.