The Illinois General Assembly has approved House Bill 576, enacting the Public Official Safety and Privacy Act, a statute designed to mitigate the growing risks associated with doxing and the unauthorized disclosure of personal data belonging to public officials and their families. The legislation reflects a growing concern over targeted harassment, online intimidation, and the ease with which sensitive data can be disseminated. If signed by the Governor, the legislation will take effect on January 1, 2026.
The Act introduces a formal mechanism for public officials to restrict the publication of personal information. Covered “public officials” include current and former members of the Illinois General Assembly, current and former constitutional officers, elected or appointed State’s Attorneys, appointed Public Defenders, and county clerks or election commissioners responsible for administering elections. “Personal information” includes home addresses, home and mobile telephone numbers, pager numbers, personal email addresses, social security numbers, federal tax identification numbers, checking and savings account numbers, credit card numbers, marital status, and the identities of children under the age of 18.
Once a written nondisclosure request is submitted, “government entities,” including townships, municipalities, park districts, and school districts, are now required to remove the specified personal information from any public-facing materials, whether online or in physical records, within five business days. The Act further prohibits redisclosure of such personal information, including in response to Freedom of Information Act (FOIA) requests, absent the public official’s prior written consent.
The Act’s reach is not limited to governmental bodies. Private individuals, businesses, and associations that receive a similar written request, must remove the protected information from any publicly accessible online platform within 72 hours.
In addition to these compliance timelines, the law introduces a new basis for criminal liability. It is classified as a Class 3 felony to knowingly post a public official’s or immediate family member’s personal information online when doing so creates a serious and immediate safety threat and results in injury or death.
These new obligations do not operate in isolation. To reinforce these protections, several related statutes have been amended:
- The Freedom of Information Act (5 ILCS 140/7(1) et seq.) now includes an exemption that aligns with the Act, requiring public bodies to withhold protected personal information upon receipt of a valid request.
- The Election Code (10 ILCS 5/9-8.10 and 10 ILCS 5/1A-16.8) now authorizes the use of campaign funds for personal security and cybersecurity, and requires the State Board of Elections to redact home addresses of candidates and committee officers when requested.
- The Identification Card Act (15 ILCS 335/4A) and the Vehicle Code (625 ILCS 5/3-405.2) have been revised to allow covered public officials to use their work address instead of their home address on IDs and vehicle registrations.
For questions about the Public Official Safety and Privacy Act, its implementation timeline, or your agency’s obligations under the new law, please contact Michael A. Airdo at mairdo@airdowerwas.com or Lauren K. McKenzie at lmckenzie@airdowerwas.com.