ANA and Broad Coalition of Groups Oppose Onerous Data Breach Bill in Illinois

May 11, 2015

Today, the ANA and a broad coalition of other groups sent a letter to the Illinois House Judiciary-Civil Committee strongly opposing the extraordinarily broad Illinois data breach bill, SB 1833. That bill will be heard by the committee on Wednesday. The bill, which has already passed the Illinois Senate, is of major concern because it includes consumer marketing information as a category for breach notification. It is particularly bad for advertisers since it would expand security breach notice obligations far beyond the notice obligations that exist in any other state, which will set an onerous precedent.

This bill could have serious, negative implications to the economic stability and success of the state of Illinois. SB 1833 would negatively impact Illinois businesses and residents. According to a recent study, the Illinois Data-Driven Marketing Economy (DDME) is responsible for over $7 billion in revenues and more than 30,000 jobs annually to the state. Creating unnecessary compliance burdens on the businesses, marketers, advertisers, nonprofits and associations that drive Illinois’s data-driven economy absent a commensurate benefit to Illinois residents is not sound public policy.

The proposal is a significant overreach because it includes language that specifically targets advertisers but also including breaches of strictly marketing data as well as a number of other categories, including geolocation data. Even greater concern arises from the bill containing no risk of harm trigger, meaning that even information that is publicly available or that creates no risk to people whose information has been breached would be cause for notification. Consumers will therefore almost certainly be bombarded with breach notifications that will not serve any valid purpose because they would not be facing any threat of harm. ANA already sent an opposition letter to the Illinois Senate focusing on these areas of concern, and we intend to send one to Illinois House members to highlight the unnecessary burdens this would place on constituencies and consumers.

The prevalence of the introduction of these sorts of proposals in state legislatures is especially disturbing because it only adds complexities to the current patchwork of 47 different and inconsistent state laws regarding data security and data breach, and steers us further away from a solid piece of federal legislation. These inconsistencies yield a very difficult and constantly shifting regulatory environment in which businesses are unable to operate successfully and impose onerous and unnecessary costs.  

The movement of this Illinois breach proposal, and the damage that it could do to an already challenging system of various rules and regulations, is why the ANA and numerous other organizations are urging Congress to pass a federal data breach law that preempts the various state rules. Otherwise, we will continue to face individual proposals for unreasonable standards, and business will continue to struggle to abide by inconsistent rules. Until federal preemption is put into place, advertisers will continue to fall victim to attacks seriously burdening companies while not providing reasonable protection for consumers.

The full letter sent to the Illinois House Judiciary-Civil Committee can be viewed here.

You must be logged in to submit a comment.