New legislation signed into law in Illinois will help citizens of that state understand and recover from identity theft in a more timely way. House Bill 1260, signed by Governor Bruce Rauner in May, will update a lot of the currently understood types of identity theft prevention and lead to more immediate recovery. This is an important step towards keeping up with technological changes in this form of crime.

One of the first noteworthy features of the bill is the change to the types of data theft that will require consumers to be alerted. Instead of waiting for notification following something like a retail data breach, the law now adds medical data, health insurance information, and even biometric records like fingerprints or stored blood samples to the list of protected information. If any of those records are compromised, it’s now treated like any other data breach for notification purposes.

There is one other very important change, one that stands to shake up what consumers and industry experts have long known about data breaches and notification. For years, experts have cautioned consumers about avoiding scam emails that claim to come from their financial institution, credit card issuer, a utility company, or other account-based site; advocates have always said that any legitimate communication from these companies indicating a problem with your account will come in the mail.

Now, however, the law recognizes that waiting on a data breach notification letter—which is costly in terms of printing and mailing, especially in a breach that has millions of affected victims—slows down the response time. While consumers wait for the investigation and resulting notification, thieves are already doing irreparable damage with the victims’ stolen records. An emailed notification can be sent out the moment a breach is discovered, letting victims take swift action and begin the process of protecting themselves.

While this stands to greatly reduce the amount of time and the costs associated with notifying victims, it does mean that consumers and advocates alike will have to be extra-vigilant about detecting which emails are genuine, and which ones are phishing attempts aimed at stealing consumers’ personal identifiable information.

Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.