ISP noncompliance with FOID rules, Audit finds.

[mab22]

https://www.thecentersquare.com/illinois/article_ccc56ec2-64d2-4f40-92e1-bb40ab2df37f.html

We could use more info on this... 

 

Quote

Audit finds ISP noncompliance with FOID rules

Illinois State Police did not comply with the requirements of the Firearm Owner’s Identification Card Act, according to an Illinois Auditor General report for the two years ending June 30, 2024.

Alongside not depositing FOID funds into the right accounts, of FOID cards tested, 5% of FOID card holders were not notified within 180 days of their card expiring, a repeat finding. The report also said ISP didn’t maintain adequate controls over reporting and monitoring state property. 

 

[Jeffrey]

Nothing to see here, move along.

[EdDinIL]

"The report also said ISP didn’t maintain adequate controls over reporting and monitoring state property. "

 

Is this the moment where we find out some flunky in Springfield has been leaking FOID, CCL, and PICA registration details to someone?  Steeeeeeeeve, we neeeed you!!!

[StuckInIllinois]

“Alongside not depositing FOID funds into the right accounts………”

 

 

 

Shockingly not shocking. 

[mab22]

On 6/13/2025 at 12:24 PM, StuckInIllinois said:

“Alongside not depositing FOID funds into the right accounts………”

 

 

 

Shockingly not shocking. 

QUICK! Someone call the State Po.... 😞

 

[Euler]

I completely expect Raoul will get right on this.

[Tip]

Notice the headline says noncompliance with FOID rules where the quoted part really says “did not comply with the requirements of the Firearm Owner’s Identification Card Act” which is noncompliance with the Law…..
 

[ragsbo]

AND what will be done about it??????  NOTHING!! Again the state breaks the law willingly and purposely and gets away with it 

[EdDinIL]

It doesn't look like the FOID Act lists any penalties for the state not complying with various sections of the act.  Do any sections of the Illinois Compiled Statutes have any such provisions?

Edited June 13, 2025 at 10:17 PM by EdDinIL

[Euler]

If the government fails to follow its own laws, you have a 1A right to sue the government. That's about it.

Unless you can demonstrate malice (and sometimes even if you can), the individuals in positions of government authority have immunity to civil suits.

[Tango7]

On 6/13/2025 at 5:17 PM, EdDinIL said:

It doesn't look like the FOID Act lists any penalties for the state not complying with various sections of the act.  Do any sections of the Illinois Compiled Statutes have any such provisions?

 

[2smartby1/2]

"We have investigated ourselves and found no wrongdoing" - ISP probably

[John Q Public]

We have spoke about this for years, as long as there are no penalties, this kind of think will continue. Yawn

[Dumak_from_arfcom]

On 6/13/2025 at 11:34 AM, EdDinIL said:

"The report also said ISP didn’t maintain adequate controls over reporting and monitoring state property. "

 

Is this the moment where we find out some flunky in Springfield has been leaking FOID, CCL, and PICA registration details to someone?  Steeeeeeeeve, we neeeed you!!!

 

That is exactly what I thought that quoted bold text was saying.  IOW...  Our data has been leaked/hacked/stolen, and they haven't told us about it. 

[mab22]

On 6/16/2025 at 1:37 PM, Dumak_from_arfcom said:

 

That is exactly what I thought that quoted bold text was saying.  IOW...  Our data has been leaked/hacked/stolen, and they haven't told us about it. 

That could very well explain why:

 
When I did my CCL renewal I got stupid SPAM emails. 

How they were able to identify that some fire firefighter's had CCL's. 

 

They had to take an outage, to fix what they discovered was broken with the site that had the data. 

 

 

Does a government entity in Illinois need to notify the people if there was a data breach, or are government entities exempt from that law as well? 

 

[Dumak_from_arfcom]

On 6/16/2025 at 3:37 PM, mab22 said:

 

 

 

Does a government entity in Illinois need to notify the people if there was a data breach, or are government entities exempt from that law as well? 

 

 

Q: Does a government entity in Illinois need to notify the people if there was a data breach, or are government entities exempt from that law as well? 

 

A: AI Overview
In Illinois, government entities are not exempt from data breach notification laws. If a government entity experiences a data breach involving personal information of Illinois residents, they are required to notify affected individuals, as well as the Illinois Attorney General's office under certain circumstances. 

[Dumak_from_arfcom]

 

So... next question.   Can the State of Illinois be sued for a data breach?

AI Overview.

 

Yes, the Illinois state government can potentially be sued for a data breach, but it depends on the specific circumstances and the type of damages claimed. While the state, like other governmental entities, may have some sovereign immunity protections, these can be waived or limited in cases of data breaches. The key factors determining liability include whether the state failed to implement reasonable security measures, whether a specific law was violated, and whether individuals suffered actual damages as a result of the breach. 

[mab22]

On 6/16/2025 at 6:36 PM, Dumak_from_arfcom said:

 

So... next question.   Can the State of Illinois be sued for a data breach?

AI Overview.

 

Yes, the Illinois state government can potentially be sued for a data breach, but it depends on the specific circumstances and the type of damages claimed. While the state, like other governmental entities, may have some sovereign immunity protections, these can be waived or limited in cases of data breaches. The key factors determining liability include whether the state failed to implement reasonable security measures, whether a specific law was violated, and whether individuals suffered actual damages as a result of the breach. 

Leta take it up a notch….…

.

.

FOID data is exempt from everything, not even the FOID holder can request their data, MAYBE it’s obtainable through a court order, but not FOIA. 

So you would have to FOIA the ISP to find out if there was a breach, then you would need a court order to identify what breached about who?

 

Winging this, but I thought based on other threads that FOID data/info is protected and you need to jump through serious hoops to get at it, even if it your data. 
so it wouldn’t surprise me that the fat SFB Gov is using that as an excuse to not say anything… 

 BTW You know the isp site for FOID stuff is not OWNED by the state, the domain name is held by someone else, it’s a .co m not state .IL site. 

 

[mab22]

Updates. 

 

Read those audits here: 

Compliance audit summary - https://www.auditor.illinois.gov/Audit-Reports/Compliance-Agency-List/ISP/FY24-ISP-Comp-Digest.pdf

 

FOID Act follow up - https://www.auditor.illinois.gov/Audit-Reports/Compliance-Agency-List/ISP/25-Perf-Follow-Up-Rpt-ISP-Admin-of-FOID-Card-Act.pdf

 

CCL Act follow up - https://www.auditor.illinois.gov/Audit-Reports/Compliance-Agency-List/ISP/25-Perf-Follow-Up-Rpt-ISP-FOID-and-Conc-Carry-Programs.pdf

 

 

 

 

[Euler]

Not about the 2A part, but:

"Missing items" that contain personal, confidential information could be filing cabinets or computers with hard drives. Computers/laptops with hard drives can walk out the door more easily than filing cabinets. So $2.2M worth of computers/laptops became "missing," and no one was worried (apparently).

[yurimodin]

On 6/20/2025 at 4:24 PM, Euler said:

Not about the 2A part, but:

"Missing items" that contain personal, confidential information could be filing cabinets or computers with hard drives. Computers/laptops with hard drives can walk out the door more easily than filing cabinets. So $2.2M worth of computers/laptops became "missing," and no one was worried (apparently).

 

 

Even if they were way over-paying with padded gubmint contracts that would be 1,000 x $2,200 laptops disappearing. NO WAY......that $ got pocketed. But the good news is no one will ever be held accountable so they get to swim win pension money AND go on a 100 Jamaican cruises at our expense. 

[davel501]

On 6/24/2025 at 10:40 AM, yurimodin said:

 

 

Even if they were way over-paying with padded gubmint contracts that would be 1,000 x $2,200 laptops disappearing. NO WAY......that $ got pocketed. But the good news is no one will ever be held accountable so they get to swim win pension money AND go on a 100 Jamaican cruises at our expense. 

 

It's not the hardware that's expensive. It's the data on the devices and their potential to connect to state systems that could make it really expensive. 

[Euler]

If equipment "went missing," I'd presume that it was somehow officially in inventory once upon a time, with serial numbers, etc. Could it have been fraudulently documented non-existent equipment? I suppose it could have been, but the auditor said it was missing equipment, not fraud.

The state will surely investigate itself and find nothing wrong.

[Tip]

We looked exhaustively for the equipment that was allegedly missing and did not locate any.
We can only conclude that, since we did not find any equipment that was allegedly missing that the equipment in question must not exist. Case closed…

 

well, maybe not purple….

[mikew]

On 6/24/2025 at 6:00 PM, Tip said:

well, maybe not purple….

Your purple might be someone else's B&W.