Direct marketers are lauding first-term Republican Governor Bruce Rauner for issuing an amendatory veto on an Illinois data breach bill that would place severe limitations on the collection of consumer marketing information. The stipulation includes geo-location information as well as online search and purchase history.
“What this bill does for the first time is define consumer marketing information as relevant in a data breach notifications statute,” said Chris Oswald, VP of advocacy for the Direct Marketing Association. “The whole purpose of a data breach notice is to put individuals on alert when their private information can be breached by thieves to do financial damage to them.”
Rauner agreed that Illinois Senate Bill 1833 went “too far” and was a “significant departure” from other state data protection laws. He exercised his amendatory veto power, returning it to the state Senate with revisions removing restrictions on marketing information.
“Compared to other types of personal information, the unauthorized release of consumer marketing and geo-location information does not pose the same risk of identity theft that justifies the extraordinary and costly security and notice requirements imposed by the Personal Information Protection Act,” Rauner wrote in a letter to both houses of the Illinois legislature.
In addition, Rauner proposed extending a requirement to notify consumers of a breach from 30 business days to 45 calendar days. He also recommended deleting a provision requiring all operators of websites to post privacy policies, since national marketers are already complying with a similar California law.
Small businesses stood to be hurt most by the Illinois law. In an editorial in the Charleston (IL) Journal Gazette & Times-Courier, NetChoice Counsel Carl Szabo wrote that “this bill treats the breach of health care data from my health insurance company the same as a breach that reveals the last time I ordered a pie at my local pizzeria.”