01 / THE DISPOSAL LAWIllinois's landfill ban
Illinois's Electronic Products Recycling and Reuse Act establishes a producer-responsibility program and, since January 1, 2012, bans covered electronic devices from landfills. Computers, monitors, televisions, and a range of peripherals must be recycled rather than discarded, and improper disposal is prohibited under penalty of law.
For organizations, the obligation is to route retired covered electronics to compliant recyclers, with federal RCRA, HIPAA, and GLBA duties on top. Bottom line: in Illinois, covered electronics cannot lawfully be landfilled — a documented recycler is the expected path.
02 / THE BREACH LAWPIPA — and the BIPA overlay
Illinois's Personal Information Protection Act (815 ILCS 530) requires notifying affected residents without unreasonable delay and, since 2020, notifying the Attorney General when more than 500 Illinois residents are affected. "Personal information" reaches medical, health-insurance, and credential data. Separately, Illinois's Biometric Information Privacy Act (BIPA) creates among the strongest biometric protections in the country, with a private right of action.
A retired access-control or device holding biometric templates, or a drive of residents' personal information, can trigger serious exposure. Bottom line: media destroyed to NIST 800-88 with documentation is not exposed data — the cleanest defense under both PIPA and BIPA.
03 / WHAT IT MEANSOne certified process satisfies both
Read together, Illinois's rules point the same direction. An organization retiring IT equipment in Illinois has to handle the device lawfully — covered electronics are banned from landfills — and be able to prove the data on it is gone under the state's breach-notification law. Handled separately, those are two compliance tracks. Handled as one certified IT asset disposition process, they collapse into a single workflow: compliant recycling, documented NIST 800-88 data destruction with serialized certificates, and an unbroken chain of custody.
That combined standard is what an R2v3, NAID AAA, and RIOS-certified provider is built to deliver. CyberCrunch is headquartered in Greensburg, Pennsylvania, and serves organizations across Illinois and all 50 states with on-site and facility-based destruction and documented recycling.
04 / SOURCESWhere this comes from
- Illinois PIPA (815 ILCS 530) & BIPA; see IAPP state breach-notification chart — source
- Illinois Electronic Products Recycling and Reuse Act — ERI state e-waste legislation overview — source
This page is provided for general informational purposes only and reflects publicly available sources as of June 2026. It is not legal advice and does not create an attorney-client relationship. Laws and regulations change frequently and are subject to interpretation; CyberCrunch makes no representation or warranty as to the accuracy, completeness, or currency of this information and assumes no liability for any reliance on it. Always do your own research and confirm the current requirements for your organization with qualified legal counsel before acting.
05 / FAQFrequently asked questions
Can an Illinois business throw old computers in the trash?
No. Since January 1, 2012, the Electronic Products Recycling and Reuse Act bans covered electronics from landfills. Improper disposal is prohibited under penalty of law.
Who pays for electronics recycling in Illinois?
Manufacturers fund recycling under the Act's producer-responsibility model; businesses must route equipment to compliant recyclers.
When must an Illinois organization report a data breach?
Without unreasonable delay to affected residents, and to the Attorney General when more than 500 residents are affected. Biometric data also carries separate BIPA exposure.
Does destroying a drive remove breach-notification risk?
Media sanitized or destroyed to NIST 800-88 standards, with documentation, is not exposed data — the practical defense against a disposal-driven breach.