IL SB3939

Amends the Freedom of Information Act to exempt from disclosure cybersecurity vulnerabilities and information designed to identify, prevent, or respond to potential attacks on community systems, facilities, or installations, but only to the extent disclosure could expose vulnerabilities or jeopardize the effectiveness of security measures.

Requires municipalities with populations of 35,000 or greater and all counties to designate a local official or employee as the primary point of contact for cybersecurity issues and provide contact information to the Department of Innovation and Technology.

Establishes a cybersecurity liaison program within the Department of Innovation and Technology to advise and assist local government units in identifying cyber threats, performing risk assessments, sharing best practices, and responding to cyber incidents.

Mandates that all county and municipal employees annually complete cybersecurity training covering phishing scams, spyware prevention, identity theft prevention, and data breach response and prevention, with the Department providing an available training program.

Prohibits state agencies from purchasing products that are prohibited for purchase by federal agencies pursuant to a United States Department of Homeland Security Binding Operational Directive due to cybersecurity risks.