Illinois Move to Broaden Data-Protection Law Thwarted--For Now

ANA Said Bill Is Perfect Example of Why Federal Laws Are Needed

By Published on .

Reprints Reprints

Bruce Rauner, governor of Illinois, as he delivers a budget address earlier this year.
Bruce Rauner, governor of Illinois, as he delivers a budget address earlier this year. Credit: Daniel Acker/Bloomberg

Marketers and advertisers sighed with relief last month when Illinois Gov. Bruce Rauner vetoed the most troublesome parts of a bill that would greatly expand the type of information subject to the state's data-privacy laws.

But now they are waiting for the other shoe to drop, unsure whether the Illinois General Assembly will override that veto.

As originally drafted, the Illinois bill would have added "consumer marketing information" and "geolocation information" to the types of protected personal information. It would also have required notification if there is a breach of information related to a consumer's online browsing history, online search history or purchasing history

Gov. Rauner called that a "significant departure from the data protection laws of other states."

"Compared to other types of personal information, the unauthorized release of consumer marketing and geolocation information does not pose the same risk of identity theft that justifies the extraordinary and costly security and notice requirements imposed by the Personal Information Protection Act," the governor said.

The Association of National Advertisers called the Illinois legislation "an unprecedented expansion of the scope of the current data breach law could cost Illinois companies multi-millions of dollars each year to protect non-sensitive information that poses no material risk of identity theft or financial harm to residents."

"In addition, consumers could eventually succumb to "notice fatigue" if they receive notices about breaches that involve no serious risk of harm to them," the ANA said.

The ANA also said the Illinois bill is the "poster child" example of why federal data-protection legislation is needed.

Time is on the side of the opponents of the restrictive portions of the bill, which they say could lead to a domino effect in other states if they became law.

The Illinois Senate officially acknowledged the veto on Sept. 9. It has 15 days from that date to hold an override vote.

Yet the Senate, which under state law must act first, is not scheduled to reconvene until Oct. 6, too late to hold an override vote.

But Cameron Sweatman, an Illinois Senate staffer, said the Oct. 6 date to return to session "is subject to change."

So the issue has become a waiting game.

And if the Senate is able to hold a vote, those who lobbied against the bill, which include the ANA, aren't sure they have the votes to maintain the veto. An override would require support from three-fifths of the chamber's 59 members. That would be 36 votes.

The bill originally passed the Senate on a 35-13 vote.

When he vetoed parts of the legislation, Gov. Rauner, a Republican, said "the bill goes too far, imposing duplicative and burdensome requirements that are out-of-step with other states."

Most Popular